TL;DR: AI spend now spans hyperscalers, SaaS tools, startup vendors, and agentic workflows, making standard cloud billing too blunt for attribution and control, according to WitnessAI. The governance problem is not just cost visibility, but that the same runtime gap also hides shadow AI, policy violations, and data-handling risk.
At a glance
What this is: This is an analysis of why FinOps for AI needs its own operating model, with AI spend, attribution, and governance all converging at runtime enforcement.
Why it matters: It matters because IAM, security, and finance teams now have to govern the same AI interactions for cost, policy, and accountability across human users and agents.
By the numbers:
- 98% of FinOps practitioners now manage AI spend, up from 31% in 2024.
- AI infrastructure spending reached approximately $90 billion in Q4 2025 alone.
- Gartner’s shadow AI forecast predicts that by 2030, more than 40% of enterprises will experience security or compliance incidents linked to unauthorized shadow AI.
Context
FinOps for AI is the discipline of treating AI spend as its own cost and governance domain, rather than folding it into traditional cloud accounting. The primary problem is attribution: when usage spreads across model APIs, embedded assistants, agent workflows, and bundled software, standard billing no longer shows who consumed what or why.
That matters to identity and governance teams because the same AI interaction can create cost, data-handling exposure, and policy drift at once. Once AI usage becomes distributed across sanctioned and shadow tools, finance can lose cost visibility at the same moment security loses control visibility.
Key questions
Q: How should organisations attribute AI spend when usage is spread across tools and agents?
A: Start by tagging AI activity at the interaction level, not just the infrastructure level. Track team, environment, workload, and model path so finance can separate training, inference, and embedded usage. If one request can trigger many model calls, attribution has to follow the workflow; otherwise showback and chargeback will both misstate who used what.
Q: Why do agentic AI workloads make cost forecasting so difficult?
A: Agentic workloads are harder to forecast because the execution path is not fixed in advance. One task may trigger retries, tool calls, verification steps, and multiple model calls, each with different cost implications. Traditional forecasting assumes stable unit costs and predictable execution, which agent behaviour breaks at runtime.
Q: What breaks when AI governance and cost governance are separated?
A: The organisation loses the ability to see the same event as both a financial and a policy issue. A hidden AI tool can create overspend, data leakage, and compliance exposure in one interaction, but separate control planes often detect only one of those outcomes. Unified governance is what makes the full risk visible.
Q: Who is accountable when shadow AI creates spend and compliance risk?
A: Accountability should sit with the business owner of the workflow, the identity that initiated the activity, and the governance function that approved or failed to detect it. If no one can trace an AI interaction back to a named owner, the organisation has already lost control of both spend and policy enforcement.
Technical breakdown
Why cloud billing obscures AI consumption
Traditional cloud billing was built around stable infrastructure primitives such as compute, storage, and network usage. AI consumption breaks that model because costs can be tied to token usage, inference calls, agent toolchains, and embedded licenses rather than a single resource owner. A single user request may trigger repeated model calls across different services, while retries and model switching create additional cost without a clean business owner. That is why AI spend becomes difficult to allocate with ordinary tags and exports.
Practical implication: finance and identity teams need AI-specific allocation dimensions such as team, workload, environment, and model path.
How agentic AI changes forecasting and accountability
Agentic AI introduces variable execution paths that are not fixed at provisioning time. The same task can consume different amounts of compute because an agent may reason, verify, retry, and call tools multiple times before stopping. That creates cost volatility, but it also complicates accountability because there is no single static request profile to govern. In practice, the workflow itself becomes the unit of control, not just the app or service account behind it. This is why cost governance and runtime policy enforcement increasingly belong in the same control plane.
Practical implication: teams should govern AI workflows at runtime, not only approve budgets at project start.
Where unified guardrails control both spend and risk
Unified guardrails work because cost and governance failures often arise from the same interaction. If an employee uses an unapproved AI tool, the organisation loses both spend visibility and policy control in one event. A common enforcement point can log the interaction, classify purpose, mask sensitive inputs, and surface unauthorised usage before it becomes a finance or compliance problem. That approach aligns with zero trust thinking applied to AI: every interaction is a governed event, not a trusted default.
Practical implication: build one runtime enforcement layer that can support showback, policy control, and audit evidence together.
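The attribution and runtime-enforcement ideas from the three passages above, in one pass over an interaction stream. This is an added example, not WitnessAI's or NHIMG's code: it assumes every model or tool call carries a workflow_id tying it to the originating request (a constructed convention), and the prices, sanctioned-model list, masking pattern and sample events are constructed placeholders.

```python
"""Interaction-level AI cost attribution with a runtime policy check.
Added example (not WitnessAI or NHIMG code). Assumes each model/tool call
carries a workflow_id tying it to its originating request; prices,
sanctioned-model list and sample events are constructed placeholders."""
import re
from collections import defaultdict
from dataclasses import dataclass
PRICE_PER_1K = {"gpt-large": 0.03, "gpt-small": 0.002, "embed": 0.0001}
SANCTIONED = set(PRICE_PER_1K)                    # procurement-approved models
CARD_RE = re.compile(r"\b\d{4}(?: \d{4}){3}\b")   # sensitive input to mask

@dataclass
class Call:
    workflow_id: str   # one request fans out into many of these
    actor: str         # user or agent identity behind the request
    team: str
    environment: str
    workload: str
    model: str         # model path dimension
    tokens: int
    prompt: str

def enforce(call):
    """Runtime check: (allowed, prompt safe to log, policy reasons)."""
    reasons = []
    if call.model not in SANCTIONED:
        reasons.append("unsanctioned_model")
    masked = CARD_RE.sub("[MASKED]", call.prompt)
    if masked != call.prompt:
        reasons.append("sensitive_input_masked")
    return "unsanctioned_model" not in reasons, masked, reasons

def attribute(calls):
    """Roll cost up per workflow and per (team, env, workload); flag policy hits."""
    per_workflow, per_dim, flagged = defaultdict(float), defaultdict(float), []
    for c in calls:
        _allowed, _safe_prompt, reasons = enforce(c)
        cost = c.tokens / 1000 * PRICE_PER_1K.get(c.model, 0.0)  # unknown model stays unpriced
        per_workflow[c.workflow_id] += cost
        per_dim[(c.team, c.environment, c.workload)] += cost
        if reasons:
            flagged.append((c.workflow_id, c.actor, c.model, reasons))
    return dict(per_workflow), dict(per_dim), flagged
# Constructed events: wf-1 is one request that retried then embedded; wf-2 is a shadow tool
SAMPLE = [
    Call("wf-1", "alice", "sales", "prod", "quote-bot", "gpt-large", 2000, "draft quote"),
    Call("wf-1", "alice", "sales", "prod", "quote-bot", "gpt-large", 1500, "retry: draft quote"),
    Call("wf-1", "alice", "sales", "prod", "quote-bot", "embed", 5000, "index catalogue"),
    Call("wf-2", "bob", "sales", "prod", "adhoc", "shadow-llm", 1000, "pay 4111 1111 1111 1111"),
]
```

Note that wf-2 rolls up at zero cost: an unsanctioned model has no price in the table, which is exactly the blind spot the page describes, so the flagged list rather than the cost total is where that usage becomes visible.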
NHI Mgmt Group analysis
FinOps for AI is really an identity governance problem disguised as a cost problem. When teams cannot tie AI spend to a specific user, workload, or agent, they also cannot prove who authorised the activity or whether the interaction stayed within policy. The control failure is not just accounting opacity, but the absence of a governable identity trail across AI usage. Practitioners should treat attribution as an identity control, not a finance afterthought.
Runtime enforcement is now the common control plane for cost, data, and compliance. The same AI interaction can create budget leakage, data exposure, and policy violation in one motion, so splitting those controls across separate teams produces blind spots. This is where NIST Cybersecurity Framework 2.0-style governance logic matters: identify, protect, detect, and respond must apply to AI consumption as an operational activity. Practitioners should converge these controls before scale turns fragmented visibility into routine overspend.
Shadow AI is the clearest sign that approval-based governance has fallen behind actual usage. Once employees can access AI through browser tools, embedded assistants, or third-party services, budgets and controls migrate outside formal procurement paths. That is a governance signal, not just a usage trend. The implication is that enterprise AI oversight must follow the actor and the interaction, not only the contract.
Cost attribution becomes a lifecycle issue as soon as AI usage is shared across teams and agents. The ownership question changes when one request can trigger multiple services, multiple bills, and multiple policy checkpoints. This is where access, usage, and accountability converge, and where lifecycle models for human users, NHIs, and AI agents begin to look structurally similar. Practitioners should align chargeback, recertification, and policy ownership around the interaction layer.
FinOps for AI will increasingly separate mature programmes from reactive ones. Organisations that can make AI spend legible, attributable, and defensible will move faster because finance and security will stop debating the basic facts of usage. Those that cannot will keep negotiating every new AI initiative as a special case. Practitioners should expect unified AI governance to become a prerequisite for scale, not a reporting enhancement.
From our research:
- 98% of FinOps practitioners now manage AI spend, up from 31% in 2024, according to The 2024 ESG Report: Managing Non-Human Identities.
- The average organisation believes more than 1 in 5 of their non-human identities are insufficiently secured, according to The 2024 ESG Report: Managing Non-Human Identities.
- Forward look: If AI spend is now a governed identity problem, teams should review the Ultimate Guide to NHIs and Lifecycle Processes for Managing NHIs alongside cost attribution work.
What this signals
Identity-led AI governance will become the practical ceiling for FinOps maturity. Once spend attribution depends on knowing which user, workload, or agent generated the interaction, cost management stops being a finance-only discipline. The programmes that move first will connect AI usage telemetry to identity context, policy decisions, and audit evidence in one place.
Shadow AI forces teams to treat usage discovery as a standing control objective, not a one-off inventory exercise. As AI spreads through embedded tools and unapproved services, the real question is not whether AI is present, but whether the organisation can trace the actor behind it. That is where governance, security, and finance need a shared operating view.
With 72% of organisations reporting or suspecting NHI breaches in our research, the same governance discipline that tracks machine identity exposure should now be extended to AI consumption paths. The lesson is that visibility without ownership does not scale, whether the subject is a service account or an AI workflow. Teams should expect AI cost governance to converge with NHI lifecycle controls over time.
For practitioners
- Implement AI-specific cost attribution dimensions: Tag AI workloads by team, environment, model path, and usage category so finance can distinguish training from inference and embedded AI from direct consumption.
- Move AI governance to runtime enforcement: Classify every AI interaction at execution time so unauthorised tools, risky prompts, and hidden data flows can be controlled before they create spend or compliance drift.
- Start with showback before chargeback: Expose AI usage by team without immediately billing it, then use the resulting behaviour changes to refine allocation rules and ownership boundaries.
- Treat shadow AI as a governance signal: Correlate browser use, embedded assistants, and unsanctioned tools with identity context to identify where formal procurement and policy controls are being bypassed.
Key takeaways
- AI spend has outgrown traditional cloud cost models because usage, ownership, and billing no longer align cleanly.
- Agentic workflows amplify the problem by turning one request into many runtime decisions, model calls, and cost events.
- The most effective response is unified runtime governance that ties attribution, policy enforcement, and auditability together.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | GV.RM | AI cost and policy risk are managed through the same governance layer. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | AI interactions need continuous verification and policy-based access control. |
| OWASP Agentic AI Top 10 | A6 | Agentic workflows can expand into uncontrolled tool and model usage. |
Map AI governance ownership to CSF governance and require shared finance-security reporting.
Key terms
- FinOps for AI: FinOps for AI is the practice of governing AI consumption as its own cost domain, with separate attribution, forecasting, and accountability from traditional cloud spend. It focuses on model usage, token economics, and workflow ownership so organisations can manage both financial efficiency and control risk.
- Shadow AI: Shadow AI is the use of AI tools, models, or agents that operate outside approved procurement, security, or governance processes. It creates a visibility problem for finance and a control problem for security because the organisation cannot reliably see who used the service, what data it touched, or how costs accumulated.
- Showback: Showback is a cost visibility model that reports usage by team or business unit without immediately billing them. In AI programmes, showback is often the first step toward accurate chargeback because it exposes which workflows, agents, or departments are consuming budget and where governance is missing.
- Runtime enforcement: Runtime enforcement is the control of policy at the moment an interaction happens, rather than only at provisioning or approval time. For AI governance, it means classifying prompts, masking sensitive data, and blocking risky usage as the system executes, which is essential when cost and risk are created by the same event.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance maturity, it is worth exploring.
This post draws on content published by WitnessAI: FinOps for AI and why it needs a unified governance model. Read the original.
Published by the NHIMG editorial team on 2026-06-14.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org