A new benchmark reveals that the deepfake detection field has a measurement problem, not just a performance problem.
Researchers released VendorBench-100, a cross-paradigm benchmark that runs 36 deepfake image detectors through a single 100-image adversarial corpus. The test covers commercial APIs, zero-shot vision-language models, and open-source detectors — three categories that are widely used but rarely compared head-to-head. Rather than chasing dataset scale, the benchmark focuses on eight families of hard cases: face swaps, text-to-video stills, AI photo edits, avatar compositing, and others. Rankings lean on the Matthews correlation coefficient to handle the corpus's deliberate class imbalance, with ROC-AUC as a secondary measure.
The headline finding isn't the leaderboard. It's the gap between two metrics: models that rank images well by score (ROC-AUC) often fail to make reliable binary calls at a default threshold (MCC). In practice, that means a detector that looks strong on paper may flip the wrong way when deployed without tuning. That distinction matters enormously for any platform using these tools to auto-flag or auto-remove content at scale.
Commercial APIs landed at the top of the median performance table, with vision-language models next and open-source detectors trailing — though individual open-source models closed the gap with the best vision-language models. The benchmark and evaluation code are publicly available, which puts a reproducible baseline in the hands of researchers who have been working without one. Whether vendors take the findings seriously, or quietly move the goalposts, is another question.