diff --git a/rips/rustchain-core/src/anti_spoof/mutating_challenge.py b/rips/rustchain-core/src/anti_spoof/mutating_challenge.py
index c3b83219c..ea98977fc 100644
--- a/rips/rustchain-core/src/anti_spoof/mutating_challenge.py
+++ b/rips/rustchain-core/src/anti_spoof/mutating_challenge.py
@@ -404,7 +404,10 @@ def validate_response(
             confidence -= 20.0
 
         # 5. Verify proof hash (must have correct round count)
-        # In production, we'd recompute and verify
+        expected_proof = response.compute_proof(challenge, b'')
+        if response.proof_hash and response.proof_hash != expected_proof:
+            failures.append("Proof hash mismatch - possible emulator")
+            confidence -= 50.0
 
         valid = confidence >= 50.0