AI Cost Reckoning
We’ve gotten a pretty clear set of signals that AI inside organizations is moving from “interesting software” to something that behaves more like an operating expense, an operational workflow, and a security concern—all at once.
Start with the money. Reporting says Anthropic is shifting Claude Enterprise toward usage-based pricing—compute consumption—plus a per-user fee. Commit tiers and usage patterns will vary, but directionally: more metering, less predictability. For heavy users, bills can climb fast.
Next: output quality. The Guardian calls it ‘workslop’—AI output that looks fine until someone has to fix it. Executives say productivity is up; many workers say it saves them no time. When the output is wrong, it doesn’t fail loudly—it fails as rework.
And then security. The Verge reports Anthropic is positioning a cybersecurity-focused model for finding vulnerabilities—and says major companies and parts of the U.S. intelligence community have been testing it. Testing isn’t the same as production—but it’s a clear direction of travel: GenAI is moving into high-stakes environments.
Put those together and you get the pattern: variable cost, variable output, and rising stakes.
If you’re listening to this and you haven’t hit follow yet — Apple Podcasts, search Business of Tech. Takes five seconds, and you’ll get tomorrow’s show automatically.
If you’re watching this and you’re not subscribed — hit subscribe right now. Takes two seconds, and YouTube will make sure you don’t miss tomorrow’s episode.
AI Governance Gap
Here’s the mechanism: once GenAI touches real workflows, two properties dominate. It’s metered—cost scales with usage. And it’s probabilistic—outputs vary, and can be wrong. Put those inside a business process and you don’t have a software rollout problem. You have an operations problem.
Here’s what I mean. Imagine an AI tool drafting a client-facing incident summary. It pulls logs, retries, and rewrites—so usage spikes. Then it gets one detail wrong, like impact scope. Now you’ve got rework, escalations, and a dispute. That’s why you need cost controls, approval gates before external send, and logs that prove what sources were used and who changed what.
In a metered world, self-serve sprawl becomes financial volatility—so you need budgets, quotas, routing rules, and plain-English visibility for finance. In a probabilistic world, output can’t be treated as self-authenticating—so you need and a log trail that reconstructs who did what, with what data, and what changed. A ‘gate’ is a required check—automated or human—before an output can be sent externally, touch regulated data, or trigger a system change. That’s why the market is moving toward embedding controls directly into the workflow layer—because governance has to run at the same speed as the system.
When AI moves from ‘chat’ to ‘tool-calling against live ops data,’ that’s when metering and accountability stop being theoretical. You can see the shift in MSP platforms wiring GenAI into workflow. N-able launched an MCP server to connect third-party AI tools to live data in N-central and N-sight, paired with its in-product assistant, N-zo. The real story isn’t ‘an AI helper.’ It’s that once AI can act on operational data, governance must be enforced: what it can access, what it can do, what needs approval, and what gets logged—especially in multi-tenant environments.
Govern or Lose
The consequence for MSPs is that the market is quietly changing what “good service” means. It’s no longer enough to deploy the right tools and be available when something breaks. Clients are being pushed—by vendors, insurers, and their own operational reality—toward expectations of managed outcomes: faster containment, fewer gaps, and clearer accountability when automation and security controls are acting continuously in the background.
ConnectWise’s 15-minute SLA matters because it signals outcome contracting: response time in writing, backed by telemetry and workflow you can defend. And once clients get used to measurable response commitments, they start demanding measurable AI controls, too—cost ceilings, review rules, and audit trails. That same expectation is coming for GenAI operations. Clients won’t buy ‘the AI is accurate.’ They’ll buy cost ceilings, approval rules, and evidence—logs you can produce after an incident or a disputed output.
Aura’s BYOD push matters as precedent: the market rewards providers who wrap messy, partially unmanaged surfaces in policy, visibility, and defensible logs—and GenAI is the next unmanaged surface.
Why Do We Care?
Because this breaks the MSP business model in three very specific ways.
First, metered AI collides with fixed-fee support. If your client can spin up usage at the department level and the bill scales with tokens and compute, then “we’ll reconcile later” becomes “we’ll eat it later.” Even if the AI invoice is pass-through, the variance shows up in your world as escalations, finance calls, and emergency governance work you didn’t price. Unmanaged AI turns cost spikes into service tickets.
Second, probabilistic output creates invisible labor. Bad output doesn’t fail loudly. It fails as rework: humans correcting summaries, cleaning up drafts, validating recommendations, and undoing automation that fired with the wrong context. That time doesn’t land in an AI line item. It lands in the client’s productivity loss and your support load—and then it becomes a dispute about whether the tooling was “worth it.”
Third, when AI touches security-relevant workflows, you inherit an evidence problem. The question after an incident isn’t “did the AI help?” It’s “who used it, what did it access, what changed, and what controls were enforced?” If you can’t produce logs, approvals, and policy proof on demand, you don’t have governance—you have opinions. That’s where liability, insurance friction, and contract conflict live.
So the decision is operational, not philosophical: either you sell AIOps for GenAI as a control plane with monthly evidence, or you operate as the shock absorber for spend volatility, rework, and accountability.
What to Consider
If you want to productize AIOps for GenAI, make it operational and billable in three buckets. First is cost governance—set budgets and quotas by user, department, and application, define what happens when someone hits the limit (block it, require approval, or route the request to a cheaper model), and produce monthly showback that ties spend to workflows, not just tokens. Second is output assurance—publish an allowed-use catalog so everyone knows what’s allowed, blocked, or review-required, enforce approval gates anytime content goes external, touches regulated data, or triggers system changes, and run ongoing evaluation sampling so model or prompt updates don’t silently break workflows. Third is compliance-ready controls—capture defensible logs that include prompts, outputs, tool calls, identity, timestamps, and retention rules, lock down connectors with clear data-handling policies, and keep an incident playbook plus an exception register so you can prove what happened when something goes wrong. And if you can’t measure it, enforce it, and report it monthly, it isn’t a managed service.
If this trend continues, “AI admin” becomes a billable control plane: MSPs that don’t sell AIOps for GenAI will be forced into eat-the-overage support, while MSPs that do will standardize AI consumption into enforceable budgets, auditable logs, and output SLOs—and they will be the only ones with defensible margins.