Artificial intelligence has become more capable, but that has only made its weaknesses more consequential. In this fifth article of seven drawn from AI startup companies presenting at NVIDIA GTC in San Jose, the focus shifts to start-ups tackling risk, authenticity, hallucination, and trust, where the challenge is no longer what AI can do, but how safely it can be relied upon.
The language around trustworthy AI often becomes abstract very quickly. It drifts into governance frameworks, policy statements, and model cards, as if risk were mainly a matter of better documentation. The reality is more immediate than that. Enterprises are already dealing with manipulated media, unreliable outputs, embedded bias, prompt injection, and a growing inability to distinguish what is authentic from what is merely plausible. As models move deeper into decision-making, trust stops being a philosophical concern and becomes an operational one.
That is what gives this group of companies its shape. They are not trying to build the next general-purpose model or another layer of convenience on top of existing systems. They are working where AI becomes dangerous, expensive, or simply unusable unless its behaviour can be understood, verified, or changed. In one case, that means turning the physical world into a live risk surface for wildfire agencies. In another, it means making retail stores legible enough to reduce theft and operational blind spots. Elsewhere, it means detecting synthetic media before it enters business workflows, or teaching a model to forget what it should never have retained in the first place.
Making the physical world computable
FireScore.ai sits slightly apart from the others in category terms, but not in strategic terms. Its argument is that one of the biggest trust failures in risk management is still the poverty of the underlying map. Agencies are asked to make wildfire decisions using static, outdated, low-resolution representations of environments that change constantly. FireScore describes its answer as geophysical AI, a system that builds one-metre super-resolution maps from satellite imagery and trains those maps with high-resolution LiDAR and hyperspectral data so the landscape can be represented in accurate 3D and refreshed every few days. The platform is designed to support prioritisation, vegetation and moisture mapping, structural risk analysis, automated scoring, and compliance planning for fire agencies.
“What I saw in Afghanistan was a system so normalised that people had stopped questioning it,” Alex Momand, Co-Founder and Chief Executive Officer of FireScore.ai, says. “When I came back to the United States, I found a different version of the same thing. Fire agencies were still relying on technology that belonged to another era, static maps, poor visibility, boots and binoculars, and that was simply accepted as the way things were done. What we are building instead is a four-dimensional representation of the highest-risk areas, something that can be queried like a large model but is grounded in the physical world.”
That grounding is the company’s core claim. “We are using LiDAR, hyperspectral sensors, and a metrically aligned spatial representation to build what we call geophysical AI,” Momand says. “It is an AI that understands the geophysical world, not as a flat image, but as a living system that updates as new satellite passes, new LiDAR, and new sensor data arrive. Every time those inputs are refreshed, our digital twin updates with new vegetation indices, new risk patterns, and new simulations, so agencies are not relying on stale maps when they make decisions.”
The point is not merely better visualisation. It is to create a system that can reason over terrain, vegetation, structure exposure, and operational change in a way conventional GIS layers struggle to support. FireScore’s site makes the same point more directly, arguing that wildfire agencies need granular, frequently refreshed, actionable intelligence rather than static maps that cannot keep pace with changing conditions in high-risk areas.
Reducing the blind spots in retail
Signatrix is tackling a very different kind of visibility problem. Retail stores have long been full of infrastructure, cameras, shelving, point-of-sale systems, sensors, but much of what happens inside the store still goes unseen until it turns into shrinkage, empty shelves, queuing issues, or staffing pressure. Signatrix positions itself as a visual intelligence platform for brick-and-mortar retail, using AI to analyse what is happening in store automatically and in real time, then turn that into notifications, forensic analysis, actionable analytics, and incident visibility. The company says it integrates with existing infrastructure, provides a single hardware and software deployment per store, and can rapidly roll out multiple use-case applications across in-store IP cameras. It also says it works with clients and partners in 28 countries.
“Compared to ecommerce, physical retail is still astonishingly opaque,” Philipp Müller, Founder of Signatrix, says. “A lot of retailers are happy if they know their revenue at the end of the day, but beyond that the store is still treated like a black box. They do not know what is happening at the shelf in real time, they do not know where attention is needed most, and those visibility gaps are costing them billions through theft, out-of-stocks, and operational inefficiencies that are entirely avoidable.”
The company’s answer has been to use existing infrastructure to turn those spaces into something more measurable. “What we did was shine a light on the physical store using the cameras that were already there, together with AI and local compute,” Müller says. “That allows retailers to deal with out-of-stocks, theft, automated age verification, queue detection, emergency exits, customer movement, and all the other issues where someone would normally need to be physically present just to notice that something required attention. In practice, it becomes a kind of automatic prioritisation layer for store staff.”
The operational model matters as much as the use cases. “Bandwidth usually does not allow dozens of HD streams to leave the store, so you bring the compute to the store instead,” Müller says. “You run the heavy computer vision locally, compress that into event streams, and then send those streams to the cloud for aggregation and reasoning. I think that is going to be a common model in physical industries, not just retail but airports, construction, manufacturing, many environments where the physical world is still largely unstructured from a software perspective.” Signatrix’s site reinforces that architecture, stressing local AI, rapid app deployment, and one deployment that unlocks multiple store-level use cases from a single hardware footprint.
Detecting what is no longer authentic
UncovAI is confronting a more explicit trust problem, the rapid spread of synthetic content through the same channels businesses now depends on. The company’s site presents it as an AI content detector for text, audio, images, and video, with products spanning a secure web app, a meeting app for real-time voice detection, a WhatsApp bot, API and on-premises deployments, browser-based verification, and phishing URL protection. It positions the platform around “detection where it matters”, inside day-to-day tools where communication already happens, rather than in a separate forensic workflow. It also targets business, government, and consumer use, framing authenticity as a prerequisite for compliance, investigation, public trust, and personal safety.
“Everyone is using generative AI now, and that means low-information or manipulated content is spreading across every channel,” says Florian Barbaro, Founder and Chief Executive Officer of UncovAI. “The problem is not only misinformation in the media sense. It is also fraud, impersonation, and poisoned decision-making inside companies. If AI-generated content enters your systems unchecked, the outputs of your own models become biased, investigations become unreliable, and people start making decisions on synthetic material as if it were real.”
Barbaro’s argument is that detection must sit inside the workflow, not outside it. “We built our own models in house on mathematical hypotheses that make them light, fast, and easy to adapt to new languages and media types,” he says. “That means we can deploy inside Teams, Zoom, WhatsApp, and enterprise infrastructure, or on premise through an API. We can detect AI-generated voices during live meetings, verify suspicious media directly in messaging tools, identify manipulated identity documents, and protect against fraud such as fake applicants, CEO impersonation, or synthetic media used in political or financial manipulation.”
The emphasis is practical rather than theoretical. “If a company is hiring, opening financial accounts, managing insurance claims, or handling public information, then synthetic content is not some future issue,” Barbaro says. “It is already inside the workflow. What matters is being able to identify it before it triggers a payment, an onboarding decision, a compliance breach, or a false narrative.” The company site expresses that in similar terms, stressing protection against synthetic fraud, live deepfake impersonation, malicious URLs, and AI-generated media entering high-stakes decisions.
Teaching models how to forget
Hirundo is working on a problem that cuts to the centre of model safety. Most safeguards in enterprise AI still sit outside the model itself, in guardrails, filters, wrappers, red-teaming, and monitoring layers designed to catch bad behaviour after the model has already learned it. Hirundo’s claim is that this is not enough. Its platform is built around machine unlearning, identifying and modifying the specific parameters responsible for unwanted behaviour so risky knowledge can be removed from the model itself without damaging utility.
The company says its platform can detect risky knowledge and behaviour through built-in evaluations, surgically target the underlying parameters, and return a fixed model in hours rather than requiring retraining. It also claims benchmark-level improvements including up to 85 per cent reduction in jailbreaks, up to 70 per cent reduction in bias, and full removal of fine-tuned personally identifiable information in tested cases.
“Once an AI model learns something, it tends to stay there,” Ben Luria, Chief Executive Officer and Co-Founder of Hirundo, says. “That could be a bias, a vulnerability, private data, or simply knowledge that makes the model unsafe to deploy. The industry’s answer so far has mostly been to protect models from the outside. You wrap them, you filter them, you hope the dangerous behaviour does not surface. But if the model still knows what it should not know, then it can still be triggered. That is why we built a machine unlearning platform, to make models safer by removing the unwanted behaviour from the model itself, from the weights and neurons, not just from the interface.”
Luria describes the platform in three stages. “First we diagnose the model, we evaluate it, red team it, and identify where it hallucinates, where it is biased, where it leaks information, where it is vulnerable,” he says. “Then we remediate those weaknesses using our unlearning technology, which isolates where the risky behaviour is represented and removes it without harming performance. Finally, we add adaptive guardrails at inference, so the model is also protected in the way it is used. The point is not just to assess risk, but to fix it at the core and do so in a timeframe that makes enterprise deployment practical.”
Hirundo’s site makes the same argument with unusual bluntness, saying models cannot be protected just by external guardrails and that mission-critical AI projects fail because the risks remain too high in production environments.
Where trust stops being optional
What links these companies is not that they all work in security, or in risk, or in compliance. It is that they are each confronting a specific point at which intelligence becomes unusable unless trust is restored. FireScore is trying to make geophysical risk legible enough for agencies to act on current conditions rather than outdated abstractions. Signatrix is turning physical retail spaces into environments that can be monitored and prioritised. UncovAI is addressing the collapse of authenticity across everyday communication channels. Hirundo is going deeper still, asking what it means to remove risk from a model rather than merely contain it.
That is why this layer of the market matters. The first wave of AI adoption was driven by possibility. The next one is being shaped by exposure. Once systems are deployed in environments where they trigger action, allocate resources, influence judgement, or handle sensitive information, the conversation changes. Performance matters, but trust becomes the threshold condition.
This is also where the series has now arrived. The earlier articles moved from physical environments to industrial systems, then into healthcare and enterprise workflows. Here the focus narrows around a harder question. What happens when intelligence can no longer be treated as useful by default, and must instead be made reliable, explainable, or removable before it can be trusted at all. The next article turns to media, content, and digital experience, where AI’s relationship with authenticity becomes more culturally visible, and where the boundaries between creation, simulation, and manipulation become harder still to hold in place.
All companies featured in this article are part of the NVIDIA Inception programme, which supports startups developing cutting-edge technologies with access to NVIDIA’s expertise, tools and go-to-market resources. The initiative is designed to help early-stage companies scale faster and bring advanced AI-driven innovations into real-world deployment.
