Home Platform Implementation Transformation Use cases Blog About Get started
Back

What is ungoverned AI costing you?

Ungoverned AI

In May, a story made the rounds that should worry every CFO and every CISO at the same time: a large company reportedly burned through roughly $500 million in a single month of AI usage. Not on a failed project and not on infrastructure. Instead, on AI usage. Employees and agents running long, unchecked workflows against a frontier model, with nobody watching the meter. Finance found out the way most finance teams find out about AI spend today: when the bill arrived.

Around the same time, OpenAI's CEO admitted on stage that customer complaints about token costs have gone from non-existent at the start of the year to, in his words, "a huge issue". The line he quoted from customers:

"My company spent my entire 2026 budget in Q1."

How did we get here? For the last year, the dominant metric for AI adoption was volume.

Several large companies ran internal leaderboards ranking employees by token usage, on the theory that more tokens meant more productivity. The predictable thing happened: people optimized for the leaderboard. Engineers spun up agents to do meaningless work just to keep their numbers up. Usage went vertical. Productivity didn't.

The boards have noticed and (in the space of one quarter) went from asking about expediting AI adoption to demanding the ROI rationale.

…And here is the uncomfortable part: almost nobody can answer it.

Not because the answer doesn't exist - but because the instrumentation doesn't. Most organizations today have less visibility into their AI spend than into their travel expenses(!).

There is no attribution by team, by user, by model or by workflow. There is no way to distinguish the developer whose coding agent is paying for itself ten times over from the workflow that has been quietly burning tokens in a loop since March. There are no budget caps, so the first signal of a problem is the invoice. The visibility model is a credit card statement, applied to a cost that behaves like a utility bill.

This is not primarily a finance problem. It's a control problem, and it has a security twin. The same gap that hides cost also hides activity: if you can't say what a token was spent on, you also can't say who spent it, on which data, through which tool. One CISO described to us a full breach response his SOC launched over what looked like lateral movement across internal systems - hours of senior incident-response time, real money - that turned out to be his own developers, doing legitimate work with agents nobody could see or attribute.

Cost and control are the same question asked by two different departments. The answer to both lives in the same place: the point where every AI call can be identified, decided, metered and logged - before it reaches a model. Put a control plane there and the CFO gets live spend by department, user and model, with caps and alerts in front of the surprise instead of behind it. The CISO gets every action attributed to a person, a role and an agent. The committee gets an audit trail it owns.

If you want to know what ungoverned AI is costing you right now, you don't need a platform to start - you need four numbers from your own environment:

  1. Your monthly AI spend, multiplied by the share of it nobody can attribute. (When organisations look for the first time, fifteen to thirty percent typically has no owner.)
  2. Security incident spin-ups triggered by ungoverned AI activity, times the hours each one burns, times what those hours cost.
  3. The point tools you're running - or evaluating - for spend tracking, AI monitoring and policy, counted separately.
  4. The hours it takes to answer an auditor asking "who used what, when, and was it allowed?"

Add them up and that's your number. For most organizations it's larger than they expect, and it's growing with every agent someone spins up.

The token shock stories will keep coming - pricing models built on consumption don't forgive inattention. The organizations that come out of this well won't be the ones that used the most AI or the least. They'll be the ones that can say, with evidence, what it cost and what it returned.

MisaLabs builds the enterprise AI control plane: access, audit and cost governed at one gateway, deployed entirely in your environment. If you'd like to work out your number with us, it takes 30 minutes.

Talk to us →