Imagine this scenario.
It’s Tuesday night at 11:47 PM. Your senior SOC analyst is pulled into a critical, high-severity alert. A primary Domain Controller has flagged a deeply anomalous administrative command sequence originating from a mid-level employee’s standard workstation.
The analyst triggers “agents” on the organization’s cybersecurity platform to assist with her investigation: mapping the account’s full authentication timeline, cross-referencing internal network logs, scanning active threat intelligence feeds, constructing secondary lookup queries to hunt for lateral movement. The investigation is moving at machine speed.
Then the screen changes.
“You have reached your monthly AI limit. Upgrade to Enterprise Plus to continue. Your limit resets at 3:30 AM.”
When Your Security Platform Adds AI
Every cybersecurity vendor is racing to embed AI. The pitch is compelling: faster detection, autonomous investigation, agentic response. What is not getting enough attention is the pricing. As the industry rushes to add generative and agentic AI, security platforms are shifting from predictable software licensing to volatile, machine-driven consumption economics — and the bill is landing on CISOs with little warning and no ceiling.
To understand why, it helps to trace how AI has evolved inside cybersecurity platforms.
- Machine Learning (ML) operates on statistical matrices and behavioral baselines. Because it calculates mathematical distances between numerical data points rather than reading language, its token consumption is exactly zero. The “cost” of machine learning is measured in CPU cycles or GPU compute time, so there is no variable token cost.
- Generative AI (GenAI) serves as an interactive assistant or translation layer. It depends on a human in the loop — you type a prompt, it returns an incident summary, then goes idle. Token usage is bounded entirely by human text entry—small, linear, and highly predictable.
- Agentic AI removes the human bottleneck entirely. Given a single high-level goal — determine if this server is compromised — the agent spins up a multi-step execution loop. It autonomously calls APIs, parses raw logs, evaluates payloads, and continuously feeds that context back into the LLM to plan its next move. There is no human pacing the machine. The meter runs until the job is done.
The Token Meter Running in the Background
Enterprise software has historically billed on fixed, predictable metrics such as per-seat licenses or per-device/endpoint licenses. Frontier AI model providers work differently. They charge the software ecosystem per token — roughly three-quarters of a word — billing fractions of a cent for every word the machine reads (input tokens) and every word it writes (output tokens).
Anthropic’s Claude Sonnet 4.6 costs $3.00 per million input tokens and $15.00 per million output tokens. GPT-5.5 runs $5.00 per million input tokens and $30.00 per million output tokens. These are the costs vendors pay when they call commercial AI APIs; those costs are then passed through, marked up, or absorbed into SaaS subscription pricing that customers are often not equipped to evaluate.
LLM API prices dropped roughly 80% between early 2025 and early 2026. This is genuine good news. But token economics in cybersecurity are unlike those of any other enterprise AI application, because the data volumes are orders of magnitude larger and security functions can be more complex.
Alert triage (classifying a single alert with basic context) might consume 1,000 tokens. A guided investigation, where the AI pulls relevant telemetry and reasons across an event chain, may run 20,000–50,000 tokens per incident. A fully autonomous agentic loop is different in kind, not just degree. The agent or agents read hundreds of thousands of lines of raw text logs, format complex API calls, evaluate payloads, and continuously feed that context back into the model. A single complex, multi-stage incident investigation may burn millions of tokens in minutes. Now multiply this by the number of security alerts generated each day. Real-world cases are beginning to confirm the explosively rising costs of AI.
A single unidentified company recently ran up a $500 million Claude bill in one month simply by failing to put usage limits on employee licenses. Uber’s CTO burned through his entire AI budget for 2026 by April. And within cybersecurity specifically, when Palo Alto Networks began testing Anthropic’s Claude Mythos against its own source code, the model found more than two dozen critical vulnerabilities — but the company burned through more than $1 million worth of tokens doing it.
These are early signals of a structural mismatch between what frontier AI models cost to run and what security budgets are designed to absorb. The consequences for security operations are significant:
1. The Unpredictable Budget
For decades, CISOs operated with highly predictable budget frameworks. Moving to AI-powered security with token-based pricing turns cybersecurity into a variable operational expense with no natural ceiling. A major enterprise-wide malware outbreak or a prolonged insider threat campaign could require thousands of simultaneous autonomous investigations — potentially wiping out an entire quarter’s cybersecurity budget in a single weekend. No CISO has a contingency line for that.
2. Forced Operational Compromises
The SIEM industry spent years charging organizations for the amount of data ingested. Because of the costs, organizations started to limit the data they collected, leading to blind spots. AI token pricing dynamics create the same risks at a larger scale and faster pace. When organizations hit consumption limits mid-incident, security operations managers face an impossible choice: pay the overage, throttle the investigation, or revert to manual triage. In practice, teams may begin disabling agentic workflows or skipping deep automated triage on lower-priority alerts simply to preserve monthly token credits. The result is poor security outcomes.
3. Reconsideration of Deployment Architectures
The underlying deployment architecture will become a strategic decision that determines whether agentic security is viable at scale. Cloud-based architectures pass volatile AI costs directly to the customer: every reasoning loop, every API call, every multi-agent orchestration step runs on someone else’s infrastructure at someone else’s price. On-premises architectures address this with fixed local compute — hardware that can execute complex reasoning loops without token meters running in the background. For organizations that need agentic AI to run continuously at full depth, not in metered bursts, on-premises is the only architecture that makes the economics work.
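The token arithmetic from the pricing section and the outbreak scenario in point 1, worked through as an added example (not from the article or any vendor). The per-tier alert volumes, the 10% output share, the 2,000,000-token figure standing in for "millions", the $8,000 monthly budget and the 10x surge are all constructed assumptions; the prices and the 1,000 and 50,000 token counts are the article's.

```python
from dataclasses import dataclass

# Article prices for Claude Sonnet 4.6, USD per million tokens.
PRICE_IN_PER_M = 3.00
PRICE_OUT_PER_M = 15.00

@dataclass(frozen=True)
class Tier:
    name: str
    tokens_per_incident: int  # input + output tokens for one incident
    incidents_per_day: int    # ASSUMPTION: constructed daily volume
    output_share: float       # ASSUMPTION: fraction of tokens the model writes

# 1,000 and 50,000 are the article's figures; 2,000,000 is an assumed
# stand-in for "millions of tokens".
TIERS = (
    Tier("alert triage", 1_000, 5_000, 0.10),
    Tier("guided investigation", 50_000, 200, 0.10),
    Tier("agentic loop", 2_000_000, 20, 0.10),
)

def incident_cost(tier: Tier) -> float:
    """USD for one incident, pricing input and output tokens separately."""
    out_tokens = round(tier.tokens_per_incident * tier.output_share)
    in_tokens = tier.tokens_per_incident - out_tokens
    return (in_tokens * PRICE_IN_PER_M + out_tokens * PRICE_OUT_PER_M) / 1_000_000

def daily_cost(tiers=TIERS) -> float:
    """USD per day across all tiers at their baseline volumes."""
    return sum(incident_cost(t) * t.incidents_per_day for t in tiers)

def exhaustion_day(budget: float, surge_day=None, surge_factor=1.0, days=30):
    """First 1-based day cumulative spend exceeds budget, or None if it lasts.

    From surge_day onward all volumes are multiplied by surge_factor."""
    spent = 0.0
    for day in range(1, days + 1):
        surging = surge_day is not None and day >= surge_day
        spent += daily_cost() * (surge_factor if surging else 1.0)
        if spent > budget:
            return day
    return None

if __name__ == "__main__":
    for t in TIERS:
        print(f"{t.name:22s} ${incident_cost(t):8.4f}/incident")
    print("baseline:", exhaustion_day(8_000))
    print("10x outbreak from day 10:", exhaustion_day(8_000, 10, 10.0))
```

Under these assumptions the 20 agentic investigations a day cost more than the 5,200 triage and guided incidents combined, and a budget that covers a normal month is gone two days after the surge begins.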
The Intertwined Future
Let’s be honest about the scenario that opened this article. The specific error message, “You have reached your monthly AI limit. Upgrade to Enterprise Plus to continue,” is illustrative, not literal. Real-world token exhaustion in cybersecurity is unlikely to look like this. It may look like API timeouts that silently stall an investigation mid-chain, degraded response quality as a platform quietly switches to a cheaper model, or autonomous workflows that stop triggering on lower-priority alerts while the team assumes everything is still running. As AI consumption costs climb, expect a wave of new credit-based pricing models from cybersecurity vendors. Credit-based systems abstract tokens into “operations” or “AI credits”. For vendors, credits solve a real margin problem: recovering volatile AI infrastructure costs without repricing every contract. For CISOs, this is a shift from predictable budgets to variable consumption economics, whether CISOs are ready for it or not.
But the underlying dynamic, frontier AI capability meeting security scale and complexity, is real. We have an intertwined future in which the cybersecurity ecosystem and frontier AI model vendors are now permanently linked.
Security vendors cannot maintain a defensive advantage against automated adversaries without elite reasoning models. But the winners in the machine-speed security race will not be the teams with the most powerful autonomous agents. They will be organizations that understand that AI in security is not a single technology: it is three distinct layers, each with its own cost model and the right job to do. Machine learning handles the continuous, high-volume detection work. Generative AI brings context and reasoning to investigation. Agentic AI closes the loop with autonomous action. The organizations that win will be the ones that select the right platform, architectures and AI models for optimal cybersecurity outcomes, without the economics (tokens or credits) becoming a constraint that adversaries exploit.

