POVA and the Data Detective Companies Call When the Numbers Don’t Add Up
- March 18, 2026
- 0
- 14 min read
Sponsored Content
Roy Daya is the CEO of POVA, a company that provides its namesake private intelligence tool to owners and their counsel. POVA builds behavioral baselines from operational data to surface early‑stage fraud and manipulation patterns — and quietly harden the processes that enable them.
Unfortunately, due to technical difficulties, the video recording of this interview is not available. However, below is a transcript of the conversation edited for length and meaning.
Ronen Shnidman: An interesting company that I came across during CyberTech week in Tel Aviv was Roy Daya’s POVA.ai. Roy, can you explain to us, what exactly do you do for a living?
Researching AI Before It Was Cool
Roy Daya: Well, what I do for a living is kind of the hardest question that I kept getting in and out of for the past 25 years. I started as a cyber researcher and then added AI to it before it was cool. That was before it was called AI, when it was genetic algorithms and machine learning, and you know, different flavors of how to get facts out of data.
Many people know and come to me when they have a mission impossible kind of project that usually involves highly regulated and complex data with huge data sets and we try to figure out something. And from having this experience of going into very complex environments, I have learned how to figure out very fast what’s going on here. To do that, I developed part of the tools and technology that became POVA, which is just an acronym for Point of View Analytics. Then when I had to use it, actually to recover from fraud and data reliability issues, then I understood there’s a real product here that can be useful for that and it’s very powerful.
So, my daily life is usually deep scanning operational data of organizations and getting called to advise on very complex projects.
What Distinguishes POVA
RS: So what distinguishes POVA from other products or solutions on the market? I mean it sounds like it’s very bespoke, but what else is out there and how’s it different?
RD: The market has a few types of sub-optimal solutions, especially when you are looking at millions, tens or hundreds of millions of records and you really have to find the needle in the proverbial haystack.
It’s very subtle. Normally you have to really understand the DNA of the company to understand that something isn’t an anomaly. And you have three types of solutions. One is auditors, who just sample data. It’s like trying to figure out if there’s a body by digging holes in different places. And because there’s so much data today, they can’t even cover a millionth of a percent of the data. So it’s basically just poking a finger somewhere and that doesn’t really get them anywhere. Most frauds involving assets and operations aren’t really caught until some whistleblowers make some noise, typically a year or a year and a half too late, when the damage is obvious to everybody [in the organization].
Another method that people use is just scanning for all the known fraud patterns that are known. However, a lot of times you’re dealing with sophisticated fraudsters that know what you’re looking for. So they’re not going to go about it like almost everybody else would. For example, they’re not gonna duplicate the same invoice, ten times. It’s just much harder to catch the most sophisticated actors where your organization is leaking, you know, information or assets or inventory, etc.
Then, there are new AI tools that can scan everything, but then they’ll just give you 10,000 anomalies and that’s incredibly unhelpful because you have a list that you can’t really test because it’s too big. Then, a year later when somebody actually catches something they’ll say you had that name for the last year but didn’t do anything about it.
RS: How does a POVA analysis differ from an audit by a major accounting firm? Or is it part of an audit of a major accounting firm? I mean, how does it compare?
RD: POVA knows what you’re looking for is very small in number. They are a number of transactions that are very, very special. So the only way to not have them filtered out in the noise is to look at the data from every possible point of view.
We can look at two million records of data and create three million people into the data of categories by product by vendor, by time of the day by a person at the cash register, etc. and create millions of them. Some of them are going to be empty, some of them are going to be very few transactions and some will be a lot of transactions, and then you analyze each one of them with many, many different algorithms. A lot of different things from game theory to statistics and a lot more. You try to figure out what looks funny both statistically and operationally. You know, the DNA of a fish look greats if it’s in a fish, but if it’s in an elephant, it’s a problem. It’s still valid DNA. It’s just in the wrong place. This is something POVA knows how to do. The secret sauce enables it to work very, very hard, doing billions upon billions of calculations. It can run for hours and sometimes, even days, until it creates the complete picture. It can accomplish much more than a team of auditors can accomplish in six months and it can analyze billions of cases in a few days and just 1000 cases. It checks everything. It’s very hard to hide something when you test the same thing from like 60 different angles, And you look for wherever something looks funny from more than one direction. Because it’s not an AI black box, we give specific descriptions of why this is weird.
Why You Would Need POVA
RS: What type of scenarios would lead senior management at a company to call you in?
RD: POVA is the most boring company in the world until you think that something is wrong. And then your options are quite limited. If you’re looking at fraud there are people who only call me back years later because all of sudden a need arose.
But some cases are more operational. For example, there’s a medical device company, and they’re implementing algorithms based on that data that they get from third parties. And they see that they get the same patient data from two different vendors, and it’s different for the same patient for the same day. So they have to decide which data is more reliable. They can’t just put everything together and create a model because the model wouldn’t work. So I have to tell them which stream of data is more reliable.
Sometimes there’s an M&A, and private equity is buying a company or investing in it and they have 11 months to get all the skeletons out of the closet. And so we’ll do that in a week. It’s very hard to hide from POVA. Very, very hard. I would think that it’s very hard to detect fraud or to detect some issues, but you know, it’s like a Christmas tree, which lights up everything. Everything is wrong around that certain area. So, it’s very, very clear, but it’s not just fraud. Sometimes you see small micro-anomalies. Normally, it’s people testing the water with very small things. It’s not big fraud yet, but it still shows you that there is a leak. There is something that tells you maybe you should lock this closet better so it doesn’t tempt people to do something or whatever.
When it’s fraud, it starts to escalate very fast because it’s growing after, you know, three months, four months, five months, you see it growing like 200-300% and and then if you don’t stop it, it really spirals out of control. There’s a lot of things that are policies where you see the impact. Let’s say if you ask people to get permission for deals more than $10,000. You see all the deals at 9,000. You can discover the policies from the data and you can tell the company that maybe their controls are not working well. And there will be a breaking point, where all the economics change, when you get more than the 31 customers in the door an hour, and see all the economics change, all the emails exchanges, all the customer support, etc. So you can tell company management what the breaking point is where things change. There’s so much operational data and understanding inside the data about how the company actually operates and not how they think it operates.
RS: It must be very hard to get referrals in a business where everyone’s trying to deal with the skeletons in the closet quietly. You’ve been talking about a medical device company and also about internal fraud at other companies. But who exactly are your customers and how do you get them?
RD: Yeah, it’s hard to be people’s secret friend. But basically two strategies work for acquiring clients. People reach out to me because they know me and sometimes you know I talk to people that I know and they will reach me when the time is right. A lot of times we reach out to partners and people who already deal with forensic accounting or you know family offices and different bodies that manage operational data and they have skin in the game and they want to know what’s going on. We partner with them and give them a power tool.
We appeal especially to what you could call mid-tier service providers that don’t have the Big Four budgets of AI infrastructure and everything, but they do need power tools and can’t really compete without them. We’re always trying to look for people like this around the world.
RS: You mentioned in an earlier conversation that your solution is air-gapped. I assume that means you’re an on-premise solution as well and not cloud-based?
RD: Yeah, I have clients that won’t even let me run my own code. There are places that make me take a polygraph test and things like that. But the most paranoid places and, rightfully so, will run everything on their own.
RS: Wasn’t it Andy Grove, the founder of Intel, who said that only the paranoid survive?
RD: I think in today’s cybersecurity world that the only way for you to be safe is to not be interesting.
Because it’s so easy to hack anybody today. You even see people today installing agents giving them access to their machine and sending them into the wild, which is funny.
The Incompleteness of Open Source Data
RS: Have you ever run tests for anomalies in public open source data, for either government bodies or nonprofits? And assuming that you did, what did you find?
RD: Sure, first of all a system like POVA is very data hungry. So you need a lot of data to really uncover things from triangulating and its very hard to find enough data. You cannot just generate data or use synthetic data because the system just spits it out. It’s all fake data. Go away. When you start, you’re taking New York City open-source data of 44 million transactions, or Tokyo or Chicago’s, or some other data set.
And it teaches you something about public disclosure. Yeah, it may seem like a massive disclosure of information, but it’s not really. Because they always give you one side of the equation. They’ll say who bought, but not what they bought or from whom exactly. Or they will say who they bought from, but not who bought it. And a lot of times, there’s a lot of very generic data labels instead of capturing distinct things. So you end up with very big gaps in the information from all these open source data reports.
RD: So for open data projects, we don’t publish our results. Because for some of them, we make very difficult statements about some of the things we find in the reports. And, we don’t want to put it out and have to defend it or we’ll be liable for something. So we can show it to customers via NDA as just an example of some things we do, but we don’t publish anything. We’re very careful with what we publish, but we find some very strange things sometime.
RS: To be clear, do you ever show the original public organization your analysis? For example, does anyone in New York City’s City Hall know what you’re doing with their data? Or is it just an exercise?
RD: We offer them to have a look and see what they want. And if they give us access to more granular data, we can even give them a free scan and just help them better serve their citizens. We’re open to that.
Explainability When Lives Are on the Line
RS: I have to ask you: Has anyone ever gone to jail based on POVA’s findings?
RD: Actually, one of the first cases where we were used was a court case where two partners were importing coffee and coffee machines. One of them, who was an investor, suspected that the other one, who was operating the business, was routing income out of the business in different places. We actually had to go in with a court order and scan the business data to build a legal case. It was very nerve-wracking. You feel the responsibility. It’s not just a report, but maybe someone’s livelihood or even more than that on the line. So we were very careful and that’s part of why we built POVA to be not just an AI tool, but a tool with an explainable process that you can understand. Every number you can trace back to the specific line and you can test it yourself. You can see if you like what it says or not and it’s all deterministic. It’s not typical GenAI that can sometimes hallucinate something, although we do use LLMs for very specific things, but it’s not in the decision making.
What a Job Well Done Looks Like
RS: How do you know when you’ve done a good job for a client? Do they tell you?
RD: First of all, you see a real escalation in trust. They start telling you more. A lot of times in the beginning they will just tell you how wonderful everything is. As they trust you more, they start to tell you more of the problems. Second, POVA is like a hammer. And when you walk with a hammer in your hand, long enough, everything starts to look like a nail. So, some customers will start calling every week with questions like: Do you think we can use that on our enrichment data for leads? And I try to help them and tell them what’s the best deal tool to use. And if it’s actually POVA, then provide the tool. POVA is not software-as-a-service (SaaS).
We get referrals because we’re trusted. So even if we don’t find something, it’s good because it means there is nothing to be found. Because we give them a very good service and we listen to them and we’ll try really to give them what they need. It’s not about the software. It’s really about giving them the expertise and the time and attention and really doing the best to give them the right answer.
