🤖 AI Summary
Commercial large language models are often deployed as black-box APIs, exposing users to economically motivated attacks such as model substitution, excessive quantization, or inflated token usage reporting, while offering no means to verify the correctness of inference or billing integrity. This work proposes the first efficient auditing framework that requires neither trusted hardware nor internal model access, leveraging verifiable computation and selective auditing strategies to cryptographically validate both inference execution and token consumption. The approach supports both dense and mixture-of-experts architectures, achieving strong detection guarantees with less than 1% throughput overhead. Experimental results demonstrate its ability to reliably distinguish between legitimate and malicious executions, thereby effectively safeguarding user interests.
📝 Abstract
Commercial large language models are typically deployed as black-box API services, requiring users to trust providers to execute inference correctly and report token usage honestly. We present IMMACULATE, a practical auditing framework that detects economically motivated deviations (such as model substitution, quantization abuse, and token overbilling) without trusted hardware or access to model internals. IMMACULATE selectively audits a small fraction of requests using verifiable computation, achieving strong detection guarantees while amortizing cryptographic overhead. Experiments on dense and MoE models show that IMMACULATE reliably distinguishes benign and malicious executions with under 1% throughput overhead. Our code is published at https://github.com/guo-yanpei/Immaculate.