By NHI Mgmt Group Editorial Team
Published 2026-06-08
Domain: Governance & Risk
Source: JumpCloud

TL;DR: AI tools are shifting enterprise spend from fixed seats to usage-based token consumption, and JumpCloud says its Cursor connector surfaces user lists, MCP connections, model usage, and costs every six hours. The security implication is that visibility, not just access control, becomes the governing problem when AI adoption creates shadow accounts, unmanaged integrations, and fast-moving spend.


At a glance

What this is: This is an analysis of how AI tool adoption replaces seat-based SaaS budgeting with token-based consumption, with Cursor used to illustrate the visibility and governance gap.

Why it matters: It matters because IAM, IGA, and security teams need a way to govern AI usage, shadow accounts, and connected tools without relying on browser-only discovery or point-in-time reviews.

👉 Read JumpCloud's analysis of AI token spend and Cursor governance


Context

AI tooling changes the control problem because cost, access, and usage now move together. In a token economy, a single account can create material financial exposure without creating a corresponding licensing event, which makes traditional SaaS inventory controls too slow and too shallow for practical governance.

For identity teams, the issue is not just spend management. AI tools introduce shadow accounts, external model connections, and usage paths that are only visible when the platform integrates directly with the service, so the governance model has to cover both entitlement and consumption.


Key questions

Q: How should security teams govern AI tools that bill by token usage?

A: Security teams should treat token-based tools as governed identities plus consumption systems. That means tying spend to named users and teams, reviewing access to connected services, and reconciling shadow accounts through the same lifecycle processes used for other non-human identities. Budget visibility and entitlement visibility need to be managed together.

Q: Why do AI tools complicate traditional SaaS discovery?

A: Many AI tools are consumed through APIs, desktop workflows, or embedded connectors rather than browser-based sessions. That means extension-based discovery can miss active usage, external integrations, and the identities that are actually driving cost and data exposure. Direct provider telemetry is more reliable for governance.

Q: What breaks when AI accounts are left outside managed identity processes?

A: Unmanaged AI accounts create shadow usage, unreviewed integrations, and ownership gaps that persist after the original user or team changes. The result is a governance blind spot where access, cost, and compliance evidence all become incomplete. Lifecycle controls must include AI accounts, not just human users.

Q: Who should be accountable for AI spend and access governance?

A: Accountability should sit with the identity and security programme, with finance as a partner on reporting. AI spend reflects active identity use, connected tools, and policy scope, so it cannot be managed as procurement alone. The right control model assigns ownership for accounts, integrations, and usage review.


Technical breakdown

Token-based consumption changes the control plane

Traditional SaaS management assumes predictable seat counts and stable renewals. AI tools such as IDE copilots and model-hosted workflows charge by usage, often through tokens that accumulate at runtime. That means the operating signal is no longer only who has a license, but how much activity each identity generates across models, tasks, and integrations. Direct API-based collection is more reliable than browser extension discovery because it captures usage where the spend actually occurs. In practice, finance and security need the same telemetry view, because consumption is both a budget issue and an identity issue.

Practical implication: Build reporting around usage, not only assignments, so AI spend can be tied to named identities and teams.

MCP connections expand the identity boundary

Model Context Protocol connections let AI tools reach into external services and data sources, which extends the trust boundary beyond the application itself. Once an AI tool can call external MCP servers, the relevant question becomes which identities, models, and apps are allowed to participate in that chain. Without direct visibility, teams can miss unauthorized integrations or over-broad access paths that do not look like classic SaaS risk. This is an identity governance problem because every connection creates another entitlement relationship that must be discoverable and reviewable.

Practical implication: Inventory MCP connections as part of application access review, not as a separate engineering-only concern.

Shadow AI accounts are a lifecycle problem

When employees create AI accounts outside managed workflows, the result is shadow AI, not just shadow IT. These accounts can hold data, billing relationships, and access to connected tools even after the original user intent has changed. Lifecycle controls matter here because offboarding, recertification, and ownership validation are the only reliable ways to keep AI usage tied to accountable identities. The article’s emphasis on labeling shadow accounts is important because unmanaged AI consumption often persists quietly unless it is deliberately brought into the identity programme.

Practical implication: Treat AI tool accounts like governed identities and include them in onboarding, review, and offboarding processes.


NHI Mgmt Group analysis

AI spend governance is now an identity problem, not only a finance problem. When usage is measured in tokens rather than seats, the identity that consumes the service becomes the unit of control. That shifts governance from procurement-led renewal management to runtime oversight of who is using which model, through which tool, and at what rate. Practitioners should stop separating AI cost management from identity governance because the same account can now drive both risk and spend.

Model Context Protocol creates an entitlement graph that traditional SaaS discovery will miss. Browser-only visibility cannot reliably show which external services an AI tool can reach, or which connected apps inherit that access path. The control gap is not abstract discovery failure, but incomplete mapping of identity-to-tool-to-data relationships. Practitioners should treat MCP linkages as part of access governance, not as incidental integrations.

Shadow AI accounts expose a lifecycle gap that most organisations still manage manually. The article’s own example of surfacing unmanaged accounts shows that ownership, review, and offboarding are the real control points. This is where identity programmes break down when AI adoption outruns provisioning discipline, because an account can be created quickly and forgotten just as quickly. Practitioners should extend lifecycle governance to AI tooling before informal adoption becomes embedded.

Token economics sharpen the case for continuous rather than periodic oversight. A monthly seat reconciliation model is too blunt for usage patterns that can change within hours. Direct provider integration gives teams the telemetry needed to attribute consumption, but attribution only matters if there is an operating model to act on it. Practitioners should align AI governance with continuous access and consumption review, not quarterly clean-up cycles.

From our research:

What this signals

AI adoption is pushing identity programmes toward continuous consumption governance, because the control signal is no longer just access granted but access used. The practical question for teams is whether their current IAM and IGA processes can see AI accounts, usage spikes, and connected services soon enough to act. For a useful baseline on lifecycle thinking, see Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs.

Token visibility gap: once AI usage is priced by consumption, the programme needs telemetry that links spend, identity, and integration state. That is closer to workload identity governance than traditional SaaS licence management, and it will increasingly belong in the same operating review as access certification and offboarding. Teams should expect AI governance to move from informal tooling oversight into standard identity operations.


For practitioners

  • Inventory AI tools through provider APIs: Pull user, model, and connection data directly from AI providers so discovery is based on actual usage rather than browser inference. Use the resulting inventory to identify shadow accounts and unapproved app associations.
  • Tie token spend to named identities and teams: Build cost reporting that maps model consumption back to individual users, groups, and applications. That lets security and finance teams forecast budget exposure and detect anomalous usage patterns early.
  • Review MCP connections as access paths: Include external MCP server links in access reviews and change control, because each connection can extend the trust boundary into additional tools or datasets. Treat these links as governed entitlements, not informal integrations.
  • Extend offboarding to AI tool accounts: When a user leaves a team or changes role, verify whether AI tool accounts, app associations, and model access have been removed or reassigned. Shadow accounts should not remain active after the business need ends.
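A minimal reconciliation pass over one provider telemetry snapshot, as an added example covering the four practices above (not JumpCloud's or Cursor's code): it assumes a hypothetical snapshot shape carrying the fields the article says the connector surfaces (users, MCP connections, token usage, costs), a directory export, an approved MCP server list, and a previous snapshot from the prior six-hour pull; all data is constructed.

```python
"""Reconcile one AI-provider telemetry snapshot against the identity directory.
The snapshot shape is an assumption modelled on the fields the article says the
Cursor connector surfaces (users, MCP connections, model usage, costs); it is
not the JumpCloud or Cursor API. All data below is constructed."""
from collections import defaultdict

# Constructed directory export: email -> team and lifecycle state.
DIRECTORY = {
    "alice@example.com": {"team": "platform", "active": True},
    "bob@example.com": {"team": "data", "active": False},  # offboarded last week
}

# Constructed cumulative token counters from the previous six-hourly pull.
PREVIOUS = {"alice@example.com": 900_000, "bob@example.com": 400_000,
            "carol@example.com": 100_000}
# Constructed latest snapshot (hypothetical shape).
LATEST = {
    "users": [
        {"email": "alice@example.com", "tokens": 1_200_000, "cost_usd": 18.0},
        {"email": "bob@example.com", "tokens": 400_000, "cost_usd": 6.0},
        {"email": "carol@example.com", "tokens": 2_500_000, "cost_usd": 40.0},
    ],
    "mcp_connections": [
        {"email": "alice@example.com", "server": "github-mcp"},
        {"email": "carol@example.com", "server": "prod-db-mcp"},
    ],
}
APPROVED_MCP = {"github-mcp"}  # servers that passed access review


def reconcile(snapshot, directory, approved_mcp, previous, spike_tokens=1_000_000):
    """Return (findings, spend_by_team); findings hold identifiers to review."""
    findings = {"shadow": [], "offboarded_active": [], "unapproved_mcp": [], "spike": []}
    spend = defaultdict(float)
    for u in snapshot["users"]:
        email, rec = u["email"], directory.get(u["email"])
        if rec is None:                         # account exists only at the provider
            findings["shadow"].append(email)
            spend["unattributed"] += u["cost_usd"]
        else:
            if not rec["active"]:               # lifecycle gap: offboarded but still billed
                findings["offboarded_active"].append(email)
            spend[rec["team"]] += u["cost_usd"]
        # Growth of the cumulative counter since the last pull approximates the rate.
        if u["tokens"] - previous.get(email, 0) >= spike_tokens:
            findings["spike"].append(email)
    for c in snapshot["mcp_connections"]:
        if c["server"] not in approved_mcp:     # connection extends the trust boundary
            findings["unapproved_mcp"].append((c["email"], c["server"]))
    return findings, dict(spend)
```

Each finding maps to a lifecycle action: shadow accounts need an owner, offboarded-but-billed accounts need removal, unapproved MCP servers need a review decision, and spikes need attribution before the next pull.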

Key takeaways

  • AI tools turn identity governance into a consumption problem because the same account can now drive access risk and runaway spend.
  • Browser-based discovery is not enough when AI tools consume models through APIs, MCP links, and desktop workflows.
  • Teams that extend lifecycle controls to AI accounts will be better positioned to control shadow usage, auditability, and budget exposure.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-01 | AI tool accounts and tokens are non-human identities that need ownership and review.
NIST CSF 2.0 | PR.AC-4 | Access control and least privilege apply to AI tool identities and connected services.
NIST Zero Trust (SP 800-207) | AC-4 | MCP links extend trust boundaries and require continuous verification of access paths.

Treat AI integrations as dynamic trust paths and verify every connected service before approval.


Key terms

  • Token Economy: A token economy is a usage-based pricing and control model where AI service consumption is measured by the amount of model processing, not by a fixed seat licence. For identity teams, it creates a direct link between who or what is using the system and how fast cost and risk can grow.
  • MCP Connection: An MCP connection is a link between an AI tool and an external service or data source through the Model Context Protocol. It expands the trust boundary because the AI system can act across multiple applications, making the connection itself part of identity and access governance.
  • Shadow AI Account: A shadow AI account is an AI tool account created or used outside managed identity processes. It may hold access, data, and billing relationships that are not visible to normal governance workflows, which makes it difficult to review, offboard, or attribute correctly.
  • Consumption Telemetry: Consumption telemetry is usage data that shows how identities, models, and integrations are being exercised over time. In AI governance, it is the evidence base for cost attribution, anomaly detection, and entitlement review because spend and access are now tightly coupled.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by JumpCloud: AI SaaS How-To focused on token spending and Cursor visibility. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-08.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org