pliuzv0.1.x

Our pivot

From "Govern Any AI Agent" to "Every Invoice Checked": Why We Pivoted

The product did not change. The policy engine, the Slack integration, the hash-chained audit trail — all the same. What changed was the problem we pointed it at. Nobody searches for "AI governance." Everyone searches for "why did we pay this invoice twice?"

Jorge Juan Moscoso Chacón, Co-founder & CTO, Pliuz
Jorge Juan Moscoso Chacón · Co-founder & CTO, Pliuz

Published July 17, 2026 · 7 min read

In short

We started as a horizontal AI governance layer — "gate any risky agent action, any framework, any team." It was technically elegant and commercially dead. Nobody was searching for "AI agent governance." Nobody had budget for "agent approval gates." We were selling prevention of a problem that, for most companies, had not happened yet.

So we pivoted. Not the product — the problem. The policy engine, the Slack integration, the hash-chained audit trail, the SDKs — all unchanged. What changed was where we point it: invoice exceptions in accounts payable. The 15-25% of invoices that do not match expectations — duplicates, IBAN changes, splitting, bad scans. That is a pain every CFO lives with today, can quantify in euros, and is under growing regulatory pressure to control.

Key takeaways

  • "AI governance" is not a category buyers search for. It is a solution looking for a problem. CFOs search for "why did we pay this twice," not "agent approval gate."
  • The pivot was vertical, not technical. Same engine, same SDKs, same audit trail. New default policies, new demo, new messaging — pointed at a pain people will pay to solve today.
  • Invoice exceptions are universal, quantifiable, and urgent. Every company processes invoices. The cost of exceptions is measurable. And e-invoicing mandates + EU AI Act create regulatory pressure.
  • The horizontal product is not dead.The SDKs gate any agent action. We just focus our go-to-market where the buyer's pain is most acute.

The horizontal thesis: govern any agent action

Our original pitch was clean and abstract:

from pliuz import gated

@gated(policy="big-payment-veto")
def send_payment(amount, recipient):
    return bank.transfer(amount, recipient)

Any tool call, any agent, any framework. LangGraph, CrewAI, Vercel AI SDK, custom Python — wrap it with @gated, attach a policy, and every high-risk action goes through a human approval gate before it executes. The policy engine is deterministic (JSONLogic, 14 operators, no eval, no exec). The audit trail is tamper-evident (SHA-256 hash chain, Ed25519 signed export). The SDKs are open-source (Apache 2.0, pip install).

It was a good product. It solved a real problem — for the 5% of companies that already had AI agents in production and were worried about control. The other 95% were not there yet. They were not searching for "agent governance" because they did not have agents to govern. And the ones who did have agents were not yet willing to pay for governance — they were still trying to ship features.

We talked to CTOs, Heads of AI, and platform engineers. The feedback was consistent: "This is cool. We will need it eventually. Come back in six months."

The problem with horizontal
Horizontal products solve a problem category, not a problem. When the buyer asks "what problem does this solve?" and your answer is "any problem involving an agent making a risky decision," you do not have a wedge. You have a platform — and platforms require distribution, capital, and time that early-stage companies do not have.

The conversations that changed our mind

The shift started when we stopped talking to CTOs and started talking to CFOs and Heads of Finance. The conversations were completely different:

  • "How many invoices are exceptions?" — 15-25%. Every company, every industry, every size.
  • "What does an exception cost you?" — €13-26 per invoice in manual processing time. Plus the cost of the ones they miss.
  • "Do you check if the IBAN changed?" — Silence. Then: "No. Should we?"
  • "Do you aggregate invoices per supplier per day?" — More silence.
  • "What happens when an auditor asks how you control AI in finance?" — "We have a policy document." Not a technical control. A PDF.

These were not hypothetical problems. These were problems people were living with today, could quantify in euros, and were under regulatory pressure to address. The EU AI Act (Article 14, human oversight; Article 12, record-keeping) is enforceable from August 2026. E-invoicing mandates are rolling out across the EU through 2028. Verifactu (chain-of-records) is live in Spain.

And nobody was selling them a solution. The ERPs handle the 85% that works. The 15% that does not work — the exceptions, the fraud, the blind spots — was being handled with spreadsheets, email chains, and hope.

The pivot: same engine, different ammunition

The realization was simple: we already had the engine. A deterministic policy engine that evaluates signals and routes to human approval. A Slack integration that delivers interactive cards. A tamper-evident audit trail. Open-source SDKs. The infrastructure was built — we just needed to load it with the right policies.

So we wrote four AP-specific signals:

  • dup_score — document hash (NIF + invoice number + amount + date). Exact match = 1.0. Fuzzy match scored 0.8-0.95.
  • iban_changed — normalized IBAN comparison against supplier master data. Boolean.
  • splitting_window — rolling 24-hour sum per supplier (by tax ID). Flagged when total crosses a configurable threshold. This is the approval laundering signal.
  • low_confidence — OCR confidence score. Below threshold = force human review, never auto-approve.

And six policy templates: duplicate detection (auto-reject exact, notify fuzzy), IBAN review (notify, never auto-approve), splitting window (notify), PO variance (notify), low confidence (notify), and small-clean-autoapprove (auto-approve invoices under a threshold with no signals).

The pivot took two weeks of engineering. Not because the product changed — because the policies, the demo, and the messaging had to be rebuilt for a finance audience instead of a platform engineering audience.

What stayed the same

Everything that matters:

  • Policy engine — JSONLogic, 14 operators, deterministic. No LLM in the critical path. Same engine that gates any agent action, now pre-loaded with AP signals.
  • Slack integration — interactive cards with Approve / Edit / Reject. IBAN redacted in the card body (GDPR + antifraud). Same OAuth flow, same retry logic.
  • Audit trail — SHA-256 hash chain, Ed25519 signed export, pliuz_verify_chain() SQL function. Verifiable offline by an auditor without depending on us.
  • SDKs — Python and TypeScript, Apache 2.0, open-source. Still general-purpose — @gated still gates any function call.
  • Infrastructure — Supabase (Frankfurt, EU-hosted), RLS on every table, AES-256-GCM field-level encryption, service-role key isolation.

The horizontal product is not dead. A team that wants to gate a customer support agent's refund authority, or a DevOps agent's deployment action, can still use the SDKs and write their own policies. But our go-to-market — our demo, our content, our outbound — now focuses on the invoice exception use case. Because that is where the pain is, and that is where the buyer is.

What we learned

Three lessons for other founders considering a similar pivot:

1. If nobody searches for your category, you do not have a category. You have a solution looking for a problem. "AI governance" is a term that vendors use, not buyers. Buyers search for "invoice fraud detection," "duplicate payment prevention," "IBAN verification." Meet them where they are searching.

2. The best vertical is universal, quantifiable, and urgent. Every company processes invoices (universal). The cost of exceptions is measurable in euros (quantifiable). And regulatory deadlines — e-invoicing, EU AI Act, Verifactu — create a clock that forces action (urgent). If your vertical is missing one of these three, the sales cycle will be long.

3. A pivot does not mean throwing away your product. It means pointing the same product at a problem people will pay to solve today, not one they might pay to prevent tomorrow. The hardest part of our pivot was not engineering — it was admitting that the horizontal thesis was not working and that we needed to change the story we were telling, even though the product was already good.

Where we are now

We are now an Invoice Exception Agent. We review every supplier invoice, detect four deterministic signals, route the exceptions to a human via Slack, and record every decision in a tamper-evident audit trail. The 85% of invoices that match expectations are auto-approved. The 15% that do not are the ones that cost money — and the ones we catch.

The horizontal SDKs are still there, still open-source, still general-purpose. But if you ask us what Pliuz does, the answer is not "we govern AI agents." The answer is: "we make sure you never pay an invoice you should not have paid — and we can prove it to your auditor."

That is a problem people will pay to solve today. And that makes all the difference.

Sources & further reading

Frequently asked questions

Why did Pliuz pivot from horizontal AI governance to invoice exceptions?

Because "AI governance" is a category that does not exist in the mind of the buyer. CFOs do not search for "agent governance" — they search for "why did we pay this invoice twice?" and "how do I stop IBAN fraud." The horizontal pitch was abstract prevention of a problem that has not happened yet. The vertical pitch addresses a concrete, quantifiable pain that every finance team lives with today: 15-25% of invoices are exceptions, and the structural blind spots (duplicates, IBAN changes, invoice splitting) cost real money. The product — policy engine, Slack integration, audit trail — did not change. Only the problem it is pointed at changed.

Did the product change during the pivot?

No. The core architecture is identical: a JSONLogic policy engine (deterministic, no LLM in the critical path), Slack interactive cards with Approve/Edit/Reject buttons, a SHA-256 hash-chained audit trail with Ed25519 export, Supabase with row-level security, and open-source SDKs. What changed was the default policy templates (now pre-configured for AP signals: duplicate detection, IBAN comparison, splitting windows, OCR confidence) and the messaging. The engine is the same — we just loaded it with the right ammunition.

What is an Invoice Exception Agent?

An Invoice Exception Agent is an automated system that reviews every incoming supplier invoice, computes deterministic signals (duplicate score, IBAN changed, splitting window, OCR confidence), and routes only the exceptions — the 15-25% that do not match expectations — to a human approver via Slack. The 85% that match are auto-approved. Every decision, auto or human, is recorded in a tamper-evident audit trail. It is a specific application of a general-purpose approval gate to the accounts payable domain.

Is the horizontal governance product still available?

Yes. The SDKs (Python and TypeScript) and the policy engine are general-purpose — they can gate any agent action, not just invoice validation. The pivot was about where we focus our go-to-market and which policy templates ship by default. A team that wants to use Pliuz to gate, say, a customer support agent's refund authority can still do so. But our sales effort, demo, and content now focus on the invoice exception use case because that is where the buyer's pain is most acute and most quantifiable.

What can other founders learn from this pivot?

Three things. First, if nobody is searching for your category, you do not have a category — you have a solution looking for a problem. Second, the best vertical to pivot into is one where the pain is universal (every company processes invoices), quantifiable (you can calculate the cost of exceptions), and urgent (regulatory deadlines are approaching). Third, a pivot does not mean throwing away your product — it means pointing the same product at a problem people will pay to solve today, not one they might pay to prevent tomorrow.

Keep reading