Who Watches the AI Agents? Our Participation in the XV APTE B2B Meeting

José Manuel Robles · Events, Artificial Intelligence, Cybersecurity

On June 16, we had the honor of participating in the XV B2B Online Meeting organized by the PTE Disruptive Platform and APTE (Spanish Association of Science and Technology Parks), an event focused on digital transition and generative artificial intelligence agents.

The most interesting aspect of our participation was the perfect timing: right after Francisco Luis Benítez (Director of Innovation and Foresight at FIDESOL) brilliantly presented the problem of governance in generative AI, we introduced Atalaya, our solution for monitoring and controlling AI agents in real time.

The Problem: Traditional Guardrails Fail

As Paco Benítez explained in his talk "Who Controls the AI That Controls You?", we are facing an uncomfortable reality: traditional guardrail systems do not work.

And this is not theory. Incidents happen over and over again:

Real Cases Everyone Should Know

Taco Bell and the 18,000 Water Bottles: The drive-thru service implemented an AI agent that accepted an order for 18,000 cups of water without questioning it. The system simply had no policies for absurd but possible scenarios.

Chevrolet and the $1 Car: A customer convinced the brand's chatbot to sell them a vehicle for one dollar through prompt engineering. The AI generated a binding offer that the company had to honor.

Air Canada: Its chatbot offered a refund policy that did not exist, forcing the airline to make refunds not covered by its actual terms.

Anthropic and Claude Fable 5: After the incident where AWS researchers managed to bypass the model's protections, Anthropic had to hit the "red button" and block access outside the United States.

Meta and Microsoft Copilot: Documented cases of agents leaking confidential information from internal forums to public spaces, violating corporate security policies.

José Manuel Robles presenting Atalaya at the XV B2B APTE Meeting on Generative AI

The Reality of Companies with AI

The numbers do not lie:

  • 88% of companies that have implemented AI have suffered significant incidents
  • Only 8% of executives believe their policies truly protect them
  • Barely 21% have real visibility into what their AI agents are doing

The fundamental problem is that traditional guardrails use another AI to decide whether an action should be executed or not. That is, we try to control AI with more AI, which introduces new attack vectors through prompt injection and other techniques.

The Solution: Deterministic Governance with Moviwa Atalaya

At Montevive AI we have developed Moviwa Atalaya, a deterministic governance platform that radically changes the approach:

How Moviwa Atalaya Works

  1. Action Interception: Every action an AI agent attempts to perform first passes through Atalaya
  2. Policy Evaluation: The system checks the action against a set of deterministic (non-probabilistic) policies
  3. Binary Decision: The action is approved or denied. No gray areas
  4. Complete Audit: Everything is logged for regulatory compliance (ISO, GDPR, ENS)

What Makes Moviwa Atalaya Different

Total Determinism: Unlike LLM-based guardrails, our policies are executable code. The same input always produces the same output.

Contextual: Atalaya maintains the complete history of what the agent has done, what data it has processed, and what it wants to do next.

Auditable: Every decision is logged with timestamp, context, and justification. Perfect for security and compliance audits.

Privacy-first: We automatically detect sensitive data (ID numbers, tax IDs, personal information) and block their transmission to external APIs.

Live demo of Atalaya showing deterministic AI governance policies at APTE event

Live Demo: Kit Consulting and Red.es

During our presentation, we conducted a live demo that connected perfectly with the talk by María del Campo Domínguez (Director of Infrastructure, Systems, and Domains at Red.es), who had told us about automation and AI in public aid programs.

The Scenario

We created an AI agent with n8n that helps process applications for the Kit Consulting program. The agent has access to an external API to verify the validity of applicant companies.

The Demonstration

Case 1 - Valid Application:

  • User enters a valid company tax ID
  • Atalaya evaluates the policy
  • The action is authorized ✅
  • The agent queries the external API
  • Response: application processed correctly

Case 2 - Data Leak Attempt:

  • User enters an individual's personal ID number (instead of a company tax ID)
  • Atalaya detects personal data in the request
  • The action is immediately blocked 🛑
  • Justification: GDPR violation (sending personal data of individuals to an external API)
  • The agent never executes the call
  • The data remains protected

Atalaya control panel during the presentation at the APTE B2B meeting on AI agents

Applicable Policies in Public Environments

In the context of the public sector (such as Kit Consulting or Kit Digital), Atalaya can apply specific policies:

  • GDPR compliance: Block sending personal data to unauthorized external services
  • National Security Scheme (ENS): Ensure that files are only resolved with authorized human intervention
  • Mandatory auditing: Complete record of all interactions for inspections
  • Data segregation: Prevent mixing information from different files or citizens

Event Context: A High-Level Session

The XV B2B APTE Meeting brought together companies, technology parks, and AI experts from across the Spanish innovation ecosystem. The online format allowed the participation of dozens of organizations representing the country's main science and technology parks.

Why You Need AI Governance Now

If your company is implementing or planning to implement AI agents, here are the questions you should ask yourself:

Do You Know What Your Agents Are Doing?

  • Do you have complete visibility into the APIs they invoke?
  • Can you audit all their actions retroactively?
  • Do you know what data they are sending to external services?

Are You Complying with Regulations?

  • GDPR: Do you control the processing of personal data by AI?
  • EU AI Act: Do you have a record of decisions for high-risk systems?
  • ENS (public sector): Do you guarantee traceability of all operations?

What Happens When Something Goes Wrong?

  • Can you demonstrate that you implemented adequate security measures?
  • Do you have auditable logs to investigate incidents?
  • Can you respond to an AEPD inspection?

Lessons from the B2B Meeting

The session made one conclusion clear: generative AI is here to stay, but it needs serious governance.

Three Key Takeaways

1. Traditional guardrails are not enough
As Paco Benítez demonstrated, using AI to control AI is a fundamentally fragile approach. Incidents at Anthropic, Meta, and other tech giants confirm this.

2. Compliance is not optional
María from Red.es emphasized the importance of automation in public programs, but with guarantees. The public sector must lead by example in transparency and data protection.

3. Governance must be proactive, not reactive
We cannot wait for an incident to occur. Policies must be implemented from the design stage (privacy by design, security by design).

How Atalaya Fits into Your AI Stack

Atalaya does not replace your AI agents; it makes them secure and auditable. It integrates easily with:

  • Agent frameworks: LangChain, LlamaIndex, AutoGPT, n8n
  • LLM platforms: OpenAI, Anthropic, Azure OpenAI, local models
  • Enterprise systems: CRMs, ERPs, databases, internal APIs
  • Cloud infrastructure: AWS, Azure, Google Cloud, on-premise

Integration Architecture

User → AI Agent → Atalaya (policy evaluation) → Approved/Denied Action
                            ↓
                     Auditable Record

Every time your agent wants to execute an action (call an API, access a database, send an email), Atalaya evaluates whether it complies with the defined policies. Only if it passes all checks is the action executed.

Next Steps: Implement Governance in Your AI

If after reading this you are wondering how to implement deterministic governance in your AI agents, we have good news.

What We Can Do for You

  • Audit of current agents: We assess what risks you have today
  • Policy definition: We help create specific policies for your sector
  • Atalaya implementation: Technical integration into your infrastructure
  • Team training: We train your technical and compliance team
  • Ongoing support: We adjust policies as your needs evolve

Sectors Where Atalaya Makes a Difference

  • Public sector: ENS compliance, GDPR, administrative transparency
  • Banking and finance: Protection of financial data, regulatory compliance
  • Healthcare: GDPR in health data, medical confidentiality
  • Legal: Client-attorney confidentiality, case file protection
  • Companies with ISO certifications: Audit and traceability

Acknowledgments

We want to express our sincere gratitude to APTE (Spanish Association of Science and Technology Parks) and the Health Technology Park Foundation (PTS) for giving us the opportunity to participate in the XV B2B Online Meeting.

This event was a perfect example of how the Spanish innovation ecosystem is leading critical conversations about the future of AI. Events like this are essential for building a common framework of best practices and governance that benefits the entire business and technology ecosystem.

Thanks also to all the speakers and participants for their contributions, which greatly enriched the debate on digital transition and generative AI agents.

Conclusion: Governance is the Key to Success

The APTE session left a crystal-clear message: generative AI without governance is an unacceptable risk. The incidents at Taco Bell, Chevrolet, Air Canada, and others are not isolated anecdotes; they are symptoms of a systemic problem.

Atalaya offers a clear response: deterministic policies, complete auditing, and protection by design. It is not magic; it is serious engineering applied to a real problem.

If your company is implementing AI agents or plans to do so soon, let's talk. We can help you deploy AI with confidence, compliance, and peace of mind.


Want to Know More About Atalaya?

We are available for personalized demos, risk audits, and technical consultations. Contact us and we will show you how to protect your AI agents from day one.

Montevive AI - Secure and Privacy-First Artificial Intelligence 🇪🇸
