Skip Navigation
Your AI Budget Is a Black Box. Here’s How to Open It. 

Your AI Budget Is a Black Box. Here’s How to Open It. 

Author: Phil Demro
Date: June 26, 2026

Most enterprise software charges per seat. You buy 500 licenses and you know what your January will cost. AI doesn’t work that way.

Costs for token-consuming apps scale with usage, driven by every prompt, token and agentic loop. There’s no ceiling built in. A single team testing a new model can burn more budget in a weekend than a department burns in a month. And unlike SaaS, the vendors don’t cap you and they’re happy to send the invoice. This usage-based model makes AI budgeting significantly more complex.

This is a fundamentally different cost model, and most organizations are still budgeting for it like its Salesforce. It isn’t.

The same visibility you need for AI applies across your entire software stack. Reduce unnecessary software spend and improve control over renewals and software license management.

The immediate risk is financial, but the deeper problem is accountability.

Today, most companies can pull up an invoice from Anthropic or OpenAI and see a total. What they can’t do is answer the next question on AI spend: which team spent that? on what? was it worth it?

Without attribution, AI spend is a black box. Finance can see the total but can’t allocate it. The teams using the tools can see the output but can’t quantify the value. And when the board asks whether your AI investment is generating returns, nobody has an answer because nobody has that data.

According to EY’s 2025 Responsible AI survey, 99% of organizations deploying AI reported financial losses tied to inadequate controls, averaging $4.4 million. The money isn’t disappearing because AI doesn’t work. It’s disappearing because no one is watching where it goes.

When leadership sees the problem, the first conversation usually goes the same way. Someone on the platform or engineering team says, “we can build something – there’s an open-source proxy we can stand up in a week.”

It’s a reasonable instinct, but here’s what that path actually looks like.

The tool they’re most likely to recommend (LiteLLM, with 97 million monthly downloads) was hit by a critical supply chain attack in March 2026. Malicious packages published to PyPI harvested API keys, cloud credentials and Kubernetes tokens from every machine that installed them. The breach exfiltrated four terabytes of data from at least one major AI company.

This is the risk of delegating AI governance to a tool your team found on GitHub. It’s not that they can’t get it running. It’s that running it isn’t the hard part; securing it, maintaining it across providers and operating it at production scale is. And that’s not their day job.

The question for leadership when it comes to AI spend isn’t whether to build or buy. It’s whether AI governance is something you want your team to solve on the side or something you want solved properly.

The goal isn’t to slow AI adoption down, it’s to make sure it doesn’t outrun your ability to manage it.

A governed AI budget operating model has a few non-negotiable characteristics:

Your AI bill should be a number you set, not a number you discover at the end of the month. That means hard caps at the department, project and team level, enforced before the spend happens.

Every token consumed should be traceable to a team, a project and a purpose. Not for micromanagement, for accountability. When a business unit’s AI spend spikes, you should know why before the invoice arrives.

Prompts should never be stored in the governance layer. Only usage metadata like who requested, when, how many tokens, which model. If the layer is compromised, the blast radius is an access log, not a data breach.

If adoption requires a rollout or a workflow change, it won’t happen. For the teams consuming AI today, integration should be two config values, a key and a URL, and nothing else changes.

If you want to stop using the governance layer, you point your tools directly at the AI provider. One config change and done.

This is the approach behind Withum’s AI governance tool our advisory team built specifically to solve this problem. It deploys in your environment, runs in your security perimeter and gives you a single control plane across every major LLM provider. No prompts stored and no vendor lock-in. If the proxy goes down, your organization chooses whether to fail open or fail closed, a policy decision you make and not a technical limitation you accept.

Standing up a governance layer is technical work. Deciding what policies to enforce is the actual organizational work.

What should the token cap be for a department? How do you set limits that protect the budget without throttling the teams that need capacity most? What’s the escalation path when a project legitimately needs more? How do you report AI spend to the board in a way that connects cost to value?

These aren’t questions a tool answers, they’re questions that require understanding how your organization operates, manages risk and makes investment decisions. Getting the technology right is table stakes.

Getting the operating model right is what determines whether AI adoption scales or stalls.

Most organizations that try to solve this internally discover the same thing: the tooling is the straightforward part. The hard part is the governance framework around it. And that’s where outside perspective tends to pay for itself fastest.

The bad news is that the controls didn’t keep up and every quarter without governance is another quarter of spend you can’t explain, risk you can’t quantify and value you can’t prove. The organizations that figure this out now won’t just save money. They’ll be the ones that can actually scale AI, because they’ll be the ones who can trust it and who can afford it with a proper AI budget in place.