TL;DR: AI agent rollouts can consume 5 to 30 times the tokens of comparable chatbot interactions, and some enterprises have already blown through budgets by 4 to 11 times within 90 days, according to WorkOS and Gartner analysis. The governance gap starts in authorization: without per-agent identity, tool-level scoping, and session boundaries, cost attribution stays invisible and unusable.
NHIMG editorial — based on content published by WorkOS: The token bill is an identity problem
By the numbers:
- Gartner analysis puts agentic tasks at roughly 5 to 30 times the token consumption of equivalent chatbot interactions.
Questions worth separating out
Q: How should security teams govern AI agent token spend without losing accountability?
A: Treat token spend as an identity control problem.
Q: Why do shared credentials make AI cost controls fail in practice?
A: Shared credentials collapse multiple agents into one identity, so finance cannot tell which workflow consumed which tokens and security cannot revoke one agent without disrupting others.
Q: When should organisations use session-scoped tokens for AI agents?
A: Use session-scoped tokens whenever an agent performs multi-step or tool-using work that can continue after the visible user action is complete.
Practitioner guidance
- Issue distinct credentials to every agent. Stop allowing AI agents to authenticate as the human who configured them or as a shared service account.
- Scope agent access at the tool level. Grant each agent only the tools it genuinely needs for a task, rather than broad application or environment access.
- Tie every task to a session boundary. Use session-scoped tokens that expire when the task ends, and require explicit renewal for any continued operation.
What's in the full article
WorkOS's full article covers the operational detail this post intentionally leaves for the source:
- A deeper breakdown of how token recursion, retrieval breadth, and parallel agent activity drive costs beyond chatbot patterns.
- Specific examples of authorization choices that produce usable audit data for chargeback and finance reconciliation.
- The article's own view on how session-limited access changes the economics of agent deployment.
- Context on the emerging tokenomics governance conversation and where current tooling falls short.
AI agent token spend and identity control: what teams need now?
Explore further
AI token governance is an identity problem before it is a finance problem. The article shows that cost visibility collapses when a system cannot tell which agent made the call, on whose behalf it acted, and what it was allowed to do. That is an IAM failure mode, not a budgeting nuance. Practitioners should treat attribution as an access-control outcome, not a downstream reporting project.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why identity attribution problems persist even when teams believe they have control.
A question worth separating out:
Q: What do IAM teams need to measure to know whether agent governance is working?
A: Measure whether every agent action can be tied to a unique identity, a scoped permission set, and a closed session. If any one of those joins is missing, attribution is incomplete and cost governance is still dependent on manual reconciliation rather than control evidence.
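The three joins named in the answer above (unique identity, scoped permission set, closed session), applied to token-usage records as an added example; it is not code from WorkOS or from the original editorial. The agent registry, session table, record layout and every name in it are constructed assumptions, and the audit is assumed to run after the fact.

```python
from collections import defaultdict

# Constructed registry: per-agent identity -> tools it is scoped to (assumption).
AGENT_SCOPES = {
    "agent-invoice": {"erp.read", "pdf.parse"},
    "agent-support": {"tickets.read", "kb.search"},
}
# Constructed session table: session id -> (owning agent, start, end); end None = never closed.
SESSIONS = {
    "s1": ("agent-invoice", 100, 200),
    "s2": ("agent-support", 150, 260),
    "s3": ("agent-support", 300, None),
}
# Constructed usage records: (timestamp, credential identity, session, tool, tokens).
USAGE = [
    (110, "agent-invoice", "s1", "erp.read", 4000),
    (120, "agent-invoice", "s1", "kb.search", 9000),     # tool outside the agent's scope
    (160, "agent-support", "s2", "kb.search", 2500),
    (270, "agent-support", "s2", "tickets.read", 7000),  # call after the session ended
    (310, "agent-support", "s3", "kb.search", 1200),     # session never closed
    (320, "svc-shared", "s9", "erp.read", 30000),        # shared credential, no agent identity
]

def check_record(ts, identity, session, tool):
    """Return the joins missing for one usage record (empty list = fully attributable)."""
    if identity not in AGENT_SCOPES:
        return ["identity"]  # without an agent identity nothing else can be joined
    gaps = []
    if tool not in AGENT_SCOPES[identity]:
        gaps.append("scope")
    owner, start, end = SESSIONS.get(session, (None, None, None))
    if owner != identity or end is None or not (start <= ts <= end):
        gaps.append("session")
    return gaps

def attribute(usage):
    """Split token spend into per-agent attributed totals and unattributed spend by gap."""
    attributed, unattributed = defaultdict(int), defaultdict(int)
    for ts, identity, session, tool, tokens in usage:
        gaps = check_record(ts, identity, session, tool)
        if gaps:
            unattributed[",".join(gaps)] += tokens
        else:
            attributed[identity] += tokens
    return dict(attributed), dict(unattributed)

if __name__ == "__main__":
    print(attribute(USAGE))
```

In this constructed data the shared service account alone accounts for more unattributable tokens than all scoped agents combined, which is the share that would otherwise fall to manual reconciliation.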