Resemble AI released details on Proteus, an internal framework that automatically finds ways to trick its own audio deepfake detection system.
Proteus works by stringing together mundane audio transformations — codec transcoding, background noise, reverberation, dynamic-range compression, and VoIP simulation — to find combinations that flip a detector's verdict while leaving the speech sounding clean and the speaker recognizable. The framework runs two search strategies: a breadth-first sweep that maps which augmentations do the most damage across a parameter space, and a Q-learning agent that uses patterns from that sweep to discover longer, more effective attack chains. Resemble says it has deployed Proteus continuously against its production detector and confirmed that specific augmentation sequences can reliably defeat it.
The value here is the feedback loop. Finding that your detector fails is table stakes; building a system that finds new failure modes automatically and then feeds those examples back into retraining is a materially harder problem. As synthetic voice technology spreads into fraud, impersonation, and political manipulation, a detector that only keeps up with known attacks is close to useless.
The honest caveat: Proteus is described in a preprint, not an independent audit, so the robustness gains from targeted retraining are Resemble's own claim — take the headline numbers with the appropriate skepticism until outside researchers can reproduce the results.