
The AI Agent Invoice Is the Smallest Number

By Nate Olson, Fractional IT Director & vCIO | N.O. IT Strategy LLC

Your CEO wants to deploy an AI agent. Your security advisor wants to stop them. They’re both looking at their half of the equation.

I keep seeing the same 2 posts on LinkedIn. The first one says AI will streamline your business, cut costs, and make everything faster. The second one says AI is a governance nightmare full of risk and vulnerability.

Both are right. However, neither one gives you the real number you can take to a budget meeting.

So let’s build the actual equation.

Column One: The number you see

When a vendor quotes you an AI deployment, you get 1 number: the cost of the Copilot license with the consultant’s fee, or the MSP’s project rate.

That number is real. It’s also the smallest number in the project, and it’s usually the only one forecasted in the budget.

S&P Global Market Intelligence surveyed over 1,000 enterprises in early 2025. 42 percent had abandoned most of their AI initiatives, up from 17 percent the year before. The failure rate more than doubled in 1 year. The average company scrapped 46 percent of its AI proofs of concept before they ever reached production. The top reasons cited: cost, data privacy, and security risks.

Read that list again. Cost, privacy, security. Those aren’t technology failures. They’re the 3 columns nobody put in the budget.

There are 4 columns total. Here’s the rest of the equation.

Column 2: Readiness. What has to be true before you flip the switch

Here’s the part the invoice never mentions.

An AI agent inherits the condition of your environment. Microsoft 365 Copilot is the clearest example. Copilot surfaces anything a user technically has access to. Not what they should have access to. What they technically have.

Most businesses are sitting on years of permission sprawl. Sites shared with “everyone.” Broken inheritance. Anonymous links nobody remembers creating. Concentric AI analyzed over 550 million records and found that 16 percent of business-critical data is overshared. The average organization in their analysis had roughly 802,000 files at risk.

Turn on Copilot in that environment and any employee can ask for executive compensation, M&A documents, or HR records, and Copilot may surface them on Day 1.
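The gap between "should have access" and "technically has access" can be measured before go-live. The following is an added example, not code from this briefing or from Microsoft: it runs over a constructed sharing-permissions export whose column names, labels, principals and group memberships are all assumptions, and it reports what an assistant acting as a given user could retrieve and which sensitive files sit behind broad grants.

```python
import csv
import io

# Constructed sample of a sharing-permissions export (not real tenant data).
# Column names, labels and principals are assumptions for illustration.
EXPORT = """path,label,principal,kind,inherited
/sites/HR/comp/exec-comp-2025.xlsx,Confidential,Everyone except external users,broad_group,no
/sites/HR/comp/exec-comp-2025.xlsx,Confidential,hr-team,group,yes
/sites/Finance/ma/project-falcon.docx,Confidential,anyone-link,anonymous_link,no
/sites/Finance/ma/project-falcon.docx,Confidential,finance-leads,group,yes
/sites/Marketing/brand/logo.png,Public,Everyone except external users,broad_group,yes
/sites/HR/cases/case-114.docx,Confidential,hr-team,group,yes
"""
GROUPS = {"hr-team": {"dana"}, "finance-leads": {"lee"}}  # constructed membership
RISKY_KINDS = {"broad_group", "anonymous_link"}


def load(export_text):
    return list(csv.DictReader(io.StringIO(export_text)))


def can_read(user, row):
    """True if this grant gives `user` technical access as a signed-in employee."""
    if row["kind"] == "broad_group":
        return True
    if row["kind"] == "group":
        return user in GROUPS.get(row["principal"], set())
    # Anonymous links are flagged below but not modelled as discoverable access.
    return row["kind"] == "user" and row["principal"] == user


def surfaced_for(user, rows):
    """Files an assistant acting as `user` could retrieve: effective access."""
    return sorted({r["path"] for r in rows if can_read(user, r)})


def oversharing_findings(rows, sensitive=("Confidential",)):
    """Sensitive files exposed through a broad grant or anonymous link."""
    out = []
    for r in rows:
        if r["label"] in sensitive and r["kind"] in RISKY_KINDS:
            unique = "unique_permissions" if r["inherited"] == "no" else "inherited"
            out.append((r["path"], r["principal"], r["kind"], unique))
    return sorted(out)


if __name__ == "__main__":
    rows = load(EXPORT)
    print("new hire can reach:", surfaced_for("new-hire", rows))
    for finding in oversharing_findings(rows):
        print("fix before go-live:", finding)
```

In the sample, a new hire with no group memberships can already reach the executive compensation workbook, which is the Day 1 scenario described above.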

This is so common that Microsoft published an entire remediation blueprint for cleaning up oversharing before deploying its own product. You read that correctly: the vendor wrote a cleanup manual for the mess you’ll find when you install what they sold you.

The real-world impact: a Gartner survey of 132 IT leaders found data oversharing forced 40 percent of them to delay their Copilot rollout by 3 months or more. 64 percent said governance and security risks consumed significant time and resources during deployment.

That work is the readiness cost:

  • Permission cleanup
  • Data classification
  • Least-privilege scoping for the agent itself
  • Conditional Access
  • An acceptable use policy
  • Training

It’s often a multiple of the first-year license cost, and it’s due before go-live whether you budgeted it or not.

Column 3: Operation. The agent is never done costing you money

Deploying the agent is the beginning, not the end.

Somebody has to monitor what it does: evaluate its outputs, catch hallucinations before customers do, and watch consumption costs that scale with usage instead of sitting flat like a license.

Uber learned this in real time. They rolled out AI coding tools to roughly 5,000 engineers in December 2025 and, as expected, adoption took off. Per-engineer costs ran $500 to $2,000 a month. By April 2026, 4 months in, they’d burned through their entire annual AI budget. Their CTO told The Information he was back to the drawing board because the budget he thought he’d need was already blown away.

Uber’s fix tells you everything. They capped agentic tool spending at $1,500 per engineer per month. The control existed the whole time. Nobody priced it into the deployment.

That’s a company with a finance department most SMBs can only dream of. If they didn’t see column 3 coming, the average 40-person company being pitched an agent by their MSP most likely won’t.

Column 4: Exposure. What it costs when the agent is wrong

This is the column the CEO rarely sees and the security crowd sees exclusively.

Air Canada’s chatbot told a grieving customer he could apply for a bereavement fare discount after booking. That information was wrong. When he filed the claim, Air Canada refused and then argued in front of a tribunal (court) that the chatbot was a separate legal entity responsible for its own actions.

The tribunal called that a remarkable submission and ruled the company liable for everything on its website, chatbot included. Damages: $812.02.

That dollar amount may seem insignificant. The precedent isn’t. Your AI speaks for your company, full stop. When your agent tells a customer something is in stock, covered, or eligible, you’re on the hook for it.

Then there’s the breach surface. McDonald’s used an AI hiring chatbot called Olivia on its McHire platform. In 2025, security researchers accessed roughly 64 million applicant records. The way in wasn’t some exotic AI exploit: an admin account used 123456 as both the username and the password with no MFA.

The AI wasn’t the vulnerability. The infrastructure around the AI was. Every agent you deploy is a new credential, a new access path, and a new line item your cyber insurance carrier will eventually ask about. If you read my cyber insurance briefing, you already know what misrepresented controls cost when the claim comes.

The aggregate picture comes from EY, which surveyed 975 executives at companies over $1 billion in revenue. 99 percent reported financial losses from AI-related risks. 64 percent lost more than $1 million. The average loss: $4.4 million.

Those are big companies. The percentages aren’t a big-company problem. They’re a deployed-without-the-full-equation problem, and SMBs have thinner margins to absorb it.

The Microsoft tell

Here’s the strongest signal that all of this is real, and it came from Microsoft itself.

In late 2025, Microsoft launched Agent 365, a control plane for managing AI agents, paired with Entra Agent ID. Every agent gets its own identity. A registry inventories every agent in the organization, Microsoft or not. Agents get assigned a sponsor, a human accountable for them. Lifecycle workflows make sure an agent’s access doesn’t outlive its purpose. Conditional Access applies to agents the same way it applies to people.

In other words, Microsoft just told you that agents are employees. They need identities, managers, least-privilege access, and offboarding.
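The same employee-style checks can be run against any agent inventory. The following is an added example, not Microsoft's code or the Agent 365 schema: the agent records, field names, staff roster and review date are constructed assumptions, and the review flags agents with no sponsor, a departed sponsor, access that has outlived its purpose, or scopes beyond what the task needs.

```python
from datetime import date

# Constructed agent inventory. Field names are assumptions for illustration,
# not the schema of Agent 365 or Entra Agent ID.
AGENTS = [
    {"id": "agent-invoice-bot", "sponsor": "dana",
     "purpose_ends": date(2026, 12, 31),
     "granted": {"Files.Read"}, "needed": {"Files.Read"}},
    {"id": "agent-pilot-q1", "sponsor": "lee",
     "purpose_ends": date(2026, 3, 31),
     "granted": {"Mail.Read"}, "needed": {"Mail.Read"}},
    {"id": "agent-helpdesk", "sponsor": None,
     "purpose_ends": date(2027, 1, 31),
     "granted": {"Files.Read", "Files.ReadWrite.All"}, "needed": {"Files.Read"}},
    {"id": "agent-hr-faq", "sponsor": "sam",
     "purpose_ends": date(2026, 9, 30),
     "granted": {"Sites.Read.All"}, "needed": {"Sites.Read.All"}},
]
ACTIVE_STAFF = {"dana", "lee"}  # constructed roster; "sam" has left the company


def review_agent(agent, today, staff):
    """Return the list of lifecycle and least-privilege issues for one agent."""
    issues = []
    if agent["sponsor"] is None:
        issues.append("no_sponsor")
    elif agent["sponsor"] not in staff:
        issues.append("sponsor_departed")
    if agent["purpose_ends"] < today:
        issues.append("access_outlived_purpose")
    excess = agent["granted"] - agent["needed"]
    if excess:
        issues.append("excess_scope:" + ",".join(sorted(excess)))
    return issues


def review_registry(agents, today, staff):
    """Map agent id -> issues, listing only agents that need attention."""
    report = {}
    for agent in agents:
        issues = review_agent(agent, today, staff)
        if issues:
            report[agent["id"]] = issues
    return report


if __name__ == "__main__":
    for agent_id, issues in review_registry(AGENTS, date(2026, 6, 1), ACTIVE_STAFF).items():
        print(agent_id, issues)
```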

I think it’s one of the smartest moves Microsoft has made in this space, precisely because it’s an admission. You don’t build an HR system for software unless software has started behaving like headcount. The unmanaged agent sprawl problem is real enough that the largest software company on earth built a product category to contain it.

One more thing it admits: management costs money. Agent 365 carries its own licensing, and the security features underneath it assume Entra ID P1 or better. Even the tooling for controlling agent costs is another agent cost.

The full equation

So here’s the math nobody’s posting:

True cost = Acquisition + Readiness + Operation + Exposure

The CEO budgets column 1 and projects the revenue. The security advisor prices column 4 and ignores the revenue. Both are doing their jobs. Neither is doing the math.

The honest answer isn’t “don’t deploy.” Plenty of AI deployments pencil out, even with all 4 columns filled in. Some don’t, and you want to know which kind you’re holding before the contract is signed, not 6 months after.

That requires somebody at the table who’s paid to see both sides. Not the vendor, who profits from column 1. Not the fear merchant, who profits from column 4. Somebody on your side of the table who can put the whole equation on 1 page and let you make a business decision with real numbers.

That’s the seat I sit in.

If you’re being pitched an AI deployment right now and the proposal has 1 number on it, that’s not a price. It’s a down payment. Let’s find the rest of the number before you sign.

Sources

  • RAND Corporation, “The Root Causes of Failure for Artificial Intelligence Projects and How They Can Succeed” (RR-A2680-1, 2024)
  • Concentric AI, Data Risk Report (550M+ records analyzed)
  • Gartner survey of 132 IT leaders on M365 Copilot deployment, June 2024, as reported by Computerworld
  • Microsoft Learn: Microsoft 365 Copilot oversharing deployment blueprint; Microsoft Agent 365 and Microsoft Entra Agent ID documentation
  • The Information, “Uber CTO Shows How Claude Code Can Blow Up AI Budgets,” April 14, 2026; Bloomberg, June 2, 2026 (spending cap confirmation)
  • Moffatt v. Air Canada, 2024 BCCRT 149 (British Columbia Civil Resolution Tribunal, February 2024)
  • Wired reporting on the McHire/Paradox.ai data exposure, July 2025
  • EY Responsible AI Pulse survey, October 2025 (975 C-suite respondents, 21 countries)
