Engineer Builds Legal AI Firewall to Bypass Corporate ChatGPT Ban Under EU AI Act

Faced with a corporate ban on generative AI due to EU AI Act compliance fears, a software engineer developed an in-house AI gateway called 'Juicio por Prompt' that blocks illegal prompts in real time—turning shadow AI into sanctioned, compliant usage.

In a groundbreaking case of grassroots compliance innovation, a software engineer at a European enterprise has developed an AI governance middleware that allows his company to legally use generative AI tools—despite an outright corporate ban triggered by fears of EU AI Act penalties. The solution, named Juicio por Prompt (JPP), functions as a real-time legal firewall that intercepts, evaluates, and sanitizes AI prompts before they reach external models, effectively turning shadow AI usage into a compliant, auditable workflow.

According to a detailed post on Reddit by the engineer, who goes by u/Revolutionary-Pay803, the company’s IT and legal teams had abruptly blocked access to ChatGPT, Claude, and GitHub Copilot after the enactment of the EU AI Act, which imposes fines of up to €35 million for violations such as using AI to evaluate job candidates or processing personal data without safeguards. The ban, however, backfired: employees resorted to using personal devices and unmonitored consumer AI tools, creating greater data exposure risks and crippling productivity.

Undeterred, the engineer spent weeks studying the 144-page EU AI Act and engineered JPP as a corporate AI gateway that sits between users and external LLMs. The system operates as a multi-agent tribunal that analyzes prompts in under 1.5 seconds. First, a Retrieval-Augmented Generation (RAG) legal agent cross-references the prompt against a vectorized database of the EU AI Act’s text. If the request involves high-risk activities—such as CV screening under Article 6—the system triggers a mandatory human-in-the-loop review per Article 14, halting the request until approved by a supervisor.

For prompts that are legally permissible but contain sensitive data—like names, phone numbers, or DNI numbers—JPP employs an automated data sanitization module that replaces personally identifiable information (PII) with anonymized tags like <PERSONA> or <TELEFONO>. All interactions are logged with cryptographically secure SHA-256 hashes stored as a chain in PostgreSQL, creating an immutable forensic audit trail that satisfies regulatory requirements. The entire system is Dockerized, integrates with enterprise SSO via OIDC (including Microsoft Entra ID), supports private or on-premise models like Ollama and Azure AI, and ensures zero data leaves the corporate VPC.
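The sanitize-then-log step described above can be sketched as follows. This is an added example, not JPP's code (which has not been published): it narrows redaction to Spanish phone numbers and DNI numbers, and the `<DNI>` tag, the function names, the record fields and the in-memory list standing in for the PostgreSQL table are all assumptions.

```python
import hashlib
import json
import re

DNI_LETTERS = "TRWAGMYFPDXBNJZSQVHLCKE"   # official DNI check-letter table
DNI_RE = re.compile(r"\b(\d{8})([A-Za-z])\b")
PHONE_RE = re.compile(r"(?<!\d)(?:\+34[ ]?)?[6789]\d{2}[ ]?\d{3}[ ]?\d{3}(?!\d)")
GENESIS = "0" * 64                        # 'prev' value of the first record

def sanitize(prompt):
    """Tag DNIs whose check letter is valid, then Spanish phone numbers."""
    def dni(m):
        valid = DNI_LETTERS[int(m.group(1)) % 23] == m.group(2).upper()
        return "<DNI>" if valid else m.group(0)   # leave look-alikes untouched
    return PHONE_RE.sub("<TELEFONO>", DNI_RE.sub(dni, prompt))

def _digest(body):
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(chain, user, prompt, verdict):
    """Log the sanitized prompt; each record commits to the previous hash."""
    body = {"seq": len(chain), "user": user, "prompt": sanitize(prompt),
            "verdict": verdict, "prev": chain[-1]["hash"] if chain else GENESIS}
    chain.append({**body, "hash": _digest(body)})
    return chain[-1]

def verify(chain):
    """Return the index of the first inconsistent record, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["seq"] != i or entry["prev"] != prev or _digest(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1

if __name__ == "__main__":
    log = []  # constructed sample prompts
    append_entry(log, "u1", "Resume el contrato de Ana, DNI 12345678Z", "allow")
    append_entry(log, "u2", "Llama al +34 612 345 678 mañana", "allow")
    print(log[0]["prompt"], "|", log[1]["prompt"], "|", verify(log))
    log[0]["verdict"] = "block"           # simulated after-the-fact edit
    print("first broken record:", verify(log))
```

A chain like this only shows that records are mutually consistent; anyone able to rewrite the whole table can recompute every hash, so the latest hash has to be anchored periodically in a place database writers cannot modify.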

The engineer conducted a blind test with novel jailbreak attempts and reported a 98.33% containment rate against zero-day prompt injections, with 100% detection of known violations. He has publicly released raw audit logs and latency metrics to validate transparency, inviting other enterprises to test the system as beta users in exchange for rigorous feedback. The project’s success has led to the reversal of the original AI ban within his company, with JPP now the sanctioned entry point for all generative AI usage.

This innovation signals a paradigm shift in AI governance: rather than blanket bans, organizations may now adopt proactive, technical compliance frameworks that enable innovation while adhering to strict regulations. Legal and security teams are increasingly recognizing that AI risk cannot be managed by prohibition alone—but by intelligent, automated enforcement. As the EU AI Act enters full enforcement in 2025, JPP offers a replicable blueprint for enterprises seeking to harness AI’s potential without risking catastrophic fines.

The engineer has not open-sourced JPP publicly but is offering free beta access to 10 organizations. Interested CTOs, DPOs, or security teams can request access by commenting “AIACT” on his Reddit thread.

AI-Powered Content
Sources: www.reddit.com