Genai spending is rising fast, but are controls keeping up?

TL;DR: Enterprise GenAI adoption is accelerating, with Gartner cited in Kong's survey finding more than 80% of enterprises will have deployed GenAI applications or used GenAI APIs by 2026, while 72% of respondents expect LLM spending to rise in the next year. The governance gap is that budget growth is outrunning security and compliance readiness, not just model choice.

NHIMG editorial — based on content published by Kong: 72% Say Enterprise GenAI Spending Going Up in 2025, Study Finds

By the numbers:

• 80% of enterprises will have deployed generative AI, erative AI applications or used GenAI APIs by 2026, up from just 5% in 2023.
• 72% of respondents say they anticipate an increase in their organization's LLM spending in the year ahead.
• 37% say they're currently spending more than $250,000 USD a year on LLMs.

Questions worth separating out

Q: How should security teams govern enterprise GenAI access at scale?

A: Treat GenAI access as an identity programme, not a feature toggle.

Q: Why do GenAI programmes create new identity risk even when the models change?

A: Because the operational risk sits in the identities that call the models, not only in the models themselves.

Q: What breaks when LLM access is not tied to lifecycle management?

A: Access persists after pilots end, integrations move, or vendors change, and that leaves old credentials in circulation.

Practitioner guidance

• Map every model-facing identity Build an inventory of service accounts, API keys, tokens, and federated identities used to call LLMs, then assign a business owner and a defined purpose to each one.
• Bind GenAI approvals to lifecycle events Require re-approval when a model provider changes, a new integration is added, or an application moves environments so access does not persist beyond the intended deployment state.
• Scope credentials to specific use cases Limit each integration token to the minimum model, data source, and workflow it needs, and separate production access from experimentation and testing.

What's in the full article

Kong's full research covers the operational detail this post intentionally leaves for the source:

• Survey methodology and respondent mix across 550 Kong users, engineers, and IT decision-makers.
• Detailed breakdown of spending expectations and current LLM budget bands by the organisations surveyed.
• Model usage comparisons across Google, OpenAI, Anthropic, Meta, IBM, and DeepSeek in early 2025.
• Direct commentary on the adoption barriers respondents associate with security and compliance.

👉 Read Kong's survey findings on enterprise GenAI spending and adoption →

Genai spending is rising fast, but are controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →