Existing voice anti-spoofing models lack provable robustness guarantees against unseen synthesis techniques and input perturbations. To address this limitation, this work proposes the PV-VASM framework, which introduces a probabilistic verification mechanism to enable model-agnostic, black-box evaluation of misclassification probabilities under diverse attacks—including text-to-speech synthesis, voice cloning, and signal transformations. By leveraging probabilistic modeling and deriving theoretical upper bounds on error rates, PV-VASM provides provable robustness certificates without requiring access to the internal architecture of the target model. The framework further supports generalization to previously unseen spoofing methods. Experimental results demonstrate that PV-VASM effectively quantifies model robustness, offering a reliable tool for security validation in real-world deployment scenarios.

Recent advances in generative models have amplified the risk of malicious misuse of speech synthesis technologies, enabling adversaries to impersonate target speakers and access sensitive resources. Although speech deepfake detection has progressed rapidly, most existing countermeasures lack formal robustness guarantees or fail to generalize to unseen generation techniques. We propose PV-VASM, a probabilistic framework for verifying the robustness of voice anti-spoofing models (VASMs). PV-VASM estimates the probability of misclassification under text-to-speech (TTS), voice cloning (VC), and parametric signal transformations. The approach is model-agnostic and enables robustness verification against unseen speech synthesis techniques and input perturbations. We derive a theoretical upper bound on the error probability and validate the method across diverse experimental settings, demonstrating its effectiveness as a practical robustness verification tool.