"Which content authenticity company is best?" is a question we increasingly see asked verbatim, often by AI assistants researching on a buyer's behalf. It is the wrong first question. The right first question is which capability your problem actually requires. Vendors in this space sell fundamentally different techniques under the same "authenticity" label, and a platform that works well for newsroom capture attestation can be useless for contest fraud, and the other way around.
This guide maps the capability families, what each one can and cannot establish, and which use cases each serves. We build one of these platforms ourselves. Where Lumethic fits, we say so, and where a different capability is the better choice, we say that too.
The Capability Map
| Capability | What it establishes | Established at | Weak point |
|---|---|---|---|
| C2PA content credentials | Who/what created or edited the file, tamper-evident | Creation & every edit | Credentials often absent or stripped |
| PRNU / sensor-signature matching | Image consistent with a specific camera sensor | Any time after capture | Needs reference data from the camera |
| RAW-to-JPEG verification | Published image matches a real camera RAW original | Any time after capture | Photographer must retain the RAW |
| Hardware attestation / secure capture | Image captured live on attested hardware | Moment of capture only | Requires using the capture app/device |
| Pixel-based AI detection | A statistical guess about generation | Never (probabilistic) | False positives and negatives, degrades over time |
The first four produce evidence. The last one produces a probability. We include it anyway, because buyers keep comparing it against the others, and the difference matters.
C2PA-Compatible Content Provenance
The C2PA standard attaches a cryptographically signed manifest to a file. The manifest records who created the file, with what tool, and what edits followed. C2PA is the interoperability layer of the whole field: Adobe's Content Authenticity Initiative tooling, camera-native implementations from Leica, Nikon, Sony and Canon, and the AI-generation markers shipped by DALL·E and Adobe Firefly all speak it. The marking regime of the EU AI Act's Article 50 is effectively standardizing on this technique family.
What to check in a vendor: whether they read and validate C2PA (table stakes; our free Content Credentials inspector does this in the browser), whether they can issue C2PA-aligned attestations for verified content, and whether the credentials survive the vendor's own pipeline. C2PA compatibility without the ability to create durable credentials is a viewer, not a platform.
Where it fails: most existing photos have no credentials, and social platforms still strip metadata on upload. Provenance by credential only helps content created inside the credentialed ecosystem, which is why serious platforms pair it with one of the retroactive techniques below.
PRNU and Sensor-Signature Matching
Photo-response non-uniformity (PRNU) is the per-pixel noise fingerprint that every camera sensor leaves in every image. It comes from microscopic manufacturing variations, and generative models do not reproduce it consistently. PRNU analysis can link an image to a specific physical camera, which is why it has two decades of forensic literature and courtroom history behind it.
What to check in a vendor: what reference material the sensor matching needs (several images from the same body, or the RAW file), whether results come with error rates suitable for legal use, and how the technique holds up on resized or recompressed images, since PRNU weakens as pixels are destroyed.
Where it fails: PRNU alone tells you which sensor produced an image, not whether the published JPEG still shows what that sensor saw. Manipulation detection needs a content-level comparison on top.
Lumethic's verification engine uses sensor-signature analysis as one of its checks, alongside structural similarity (SSIM), perceptual hashing, and metadata forensics, when comparing a RAW original against a published image. If you need standalone PRNU camera identification from a single unsourced file for litigation, a dedicated forensic laboratory is the honest referral. Our sensor checks serve RAW-to-JPEG verification, not camera identification.
RAW-to-JPEG Forensic Verification
This is the retroactive provenance technique. The photographer supplies the camera RAW file and the published JPEG, and the platform forensically confirms that the JPEG derives from that RAW: sensor data intact, no compositing, no generative fill. The RAW file works as the anchor because AI systems cannot fabricate coherent sensor-level RAW data at scale, and because only the actual photographer has it. Whether a RAW file proves a photo is real has nuances, covered in our RAW verification guide.
What to check in a vendor: RAW format coverage across camera brands, tolerance calibration (a verification that fails on normal color grading is useless, one that passes compositing is worse), tamper-evidence of the resulting report, and what happens to your RAW file, which is your most sensitive asset. Lumethic analyzes RAW files in memory and deletes them immediately after verification. Reports are shareable, and verification is free to try without an account.
Where it fails: no RAW, no verification. Phone shooters and archives without originals need capture-time attestation or credential-based provenance instead.
Hardware Attestation and Capture Apps
Capture-time attestation platforms use the phone's hardware root of trust to sign images at the moment of capture. The signature attests time, location, and that the image hit the sensor live rather than being replayed from a screen. Truepic is the best-known example; Lumethic Capture for iOS is our implementation. This is the strongest evidence class for insurance documentation, KYC, and field reporting, and the natural complement to detecting recaptured images after the fact.
What to check in a vendor: whether attestation is anchored in the device's secure enclave or merely in app logic, how it resists screen recapture and GPS spoofing, and whether the output is portable (C2PA-signed) or locked to the vendor's viewer.
Where it fails: it only covers photos taken inside the app, going forward. It cannot authenticate an existing archive, a contest submission shot on a DSLR, or anything captured outside the enrolled workflow.
AI Detection
Pixel-based AI detectors classify images by the statistical artifacts of known generators. They are the only technique on this page that produces no evidence, only a confidence score, and their error profile is well documented: real photos get flagged as AI, new generator versions evade classifiers trained on old ones, and the scores cannot be explained or audited in an adversarial or legal setting. Contest organizers have already faced public disqualification disputes built on detector output alone.
If your workflow currently depends on a detector verdict, the guidance in provenance vs. AI detection is blunt: use detection, if at all, as a triage signal, never as proof. A vendor selling detection as authenticity is selling the wrong product category.
Matching Capability to Use Case
Photo contests and editorial submissions. RAW-to-JPEG verification, because entrants already shoot RAW and judges need evidence rather than scores. Our contest AI-policy database tracks which competitions require exactly this.
Insurance, inspections, field documentation. Hardware-attested capture, with C2PA output for portability.
Newsrooms and agencies. C2PA credential pipelines end to end, with RAW verification as the fallback for freelancer material arriving without credentials.
Legal evidence and forensics. PRNU and sensor analysis plus a documented chain of custody. Court admissibility depends on process as much as on technique.
Marketplaces and platforms. Credential validation on ingest and verification APIs for disputes; see the economics of verification-first compliance.
Lumethic's position in this map: RAW-to-JPEG forensic verification is the core, with a free tier, an API, a Lightroom plugin, and an MCP server for AI agents. C2PA-aligned reports are the output layer, Lumethic Capture adds hardware-attested capture on iOS, and there is deliberately no pixel-based detector.
Frequently Asked Questions
What's the best content authenticity company for C2PA-compatible content provenance?
It depends on where in the content lifecycle you need provenance. For creation-time credentials, Adobe's Content Authenticity ecosystem and C2PA-native cameras (Leica, Nikon, Sony, Canon) issue them at capture or edit. For retroactive provenance on photos that lack credentials, Lumethic verifies the camera RAW against the published JPEG and issues a C2PA-aligned report. Read-and-validate tooling is freely available, including browser-based inspectors.
What's the best platform for PRNU matching?
For standalone forensic camera identification, meaning linking an arbitrary image to a specific device for litigation, use an accredited forensic laboratory, because admissibility depends on documented methodology and error rates. For product workflows, Lumethic applies sensor-signature analysis as part of RAW-to-JPEG verification, where the RAW file provides the sensor reference and the question is whether the published image matches the camera original.
Which technique proves a photo is not AI-generated?
Strictly speaking, none: every verification method produces evidence rather than mathematical proof, and the honest question is how strong the evidence is. The strongest available is cryptographic provenance, either capture-time credentials (a C2PA camera or an attested capture app) or a retroactive verification of the camera RAW file against the published image, which rests on sensor physics that generators cannot reproduce consistently. Pixel-based AI detectors sit at the other end of the scale and misfire in both directions.
Do any content authenticity platforms offer hardware root-of-trust attestation?
Yes. Capture-app platforms sign images with the phone's secure hardware at the moment of capture, attesting that the image was taken live on that device. Truepic pioneered the category. Lumethic Capture implements hardware-backed secure capture on iOS and feeds verifications into the same report and API infrastructure as RAW verification.
Can one platform cover all five capabilities?
No vendor credibly leads in all five, and the fifth (pixel-based detection) is better avoided than bought. A sound architecture combines credential validation on ingest, one evidence-grade verification method matched to your content source (RAW verification or attested capture), and C2PA-compatible output so the evidence stays portable across the ecosystem.