TL;DR: AI spend now spans hyperscalers, SaaS tools, startup vendors, and agentic workflows, making standard cloud billing too blunt for attribution and control, according to WitnessAI. The governance problem is not just cost visibility, but that the same runtime gap also hides shadow AI, policy violations, and data-handling risk.
NHIMG editorial — based on content published by WitnessAI: FinOps for AI and why it needs a unified governance model
By the numbers:
- 98% of FinOps practitioners now manage AI spend, up from 31% in 2024.
- AI infrastructure spending reached approximately $90 billion in Q4 2025 alone.
- Gartner’s shadow AI forecast predicts that by 2030, more than 40% of enterprises will experience security or compliance incidents linked to unauthorized shadow AI.
Questions worth separating out
Q: How should organisations attribute AI spend when usage is spread across tools and agents?
A: Start by tagging AI activity at the interaction level, not just the infrastructure level.
Q: Why do agentic AI workloads make cost forecasting so difficult?
A: Agentic workloads are harder to forecast because the execution path is not fixed in advance.
Q: What breaks when AI governance and cost governance are separated?
A: The organisation loses the ability to see the same event as both a financial and a policy issue.
Practitioner guidance
- Implement AI-specific cost attribution dimensions. Tag AI workloads by team, environment, model path, and usage category so finance can distinguish training from inference and embedded AI from direct consumption.
- Move AI governance to runtime enforcement. Classify every AI interaction at execution time so unauthorised tools, risky prompts, and hidden data flows can be controlled before they create spend or compliance drift.
- Start with showback before chargeback. Expose AI usage by team without immediately billing it, then use the resulting behaviour changes to refine allocation rules and ownership boundaries.
What's in the full article
WitnessAI's full article covers the operational detail this post intentionally leaves for the source:
- The specific tagging dimensions the vendor recommends for AI showback and chargeback.
- The runtime visibility and policy enforcement capabilities used to map usage to teams and agents.
- Examples of how finance and security teams can align AI cost attribution with compliance evidence.
- The article's practical discussion of how unified guardrails work across sanctioned and shadow AI use.
FinOps for AI and shadow AI: where governance breaks down?
Explore further
FinOps for AI is really an identity governance problem disguised as a cost problem. When teams cannot tie AI spend to a specific user, workload, or agent, they also cannot prove who authorised the activity or whether the interaction stayed within policy. The control failure is not just accounting opacity, but the absence of a governable identity trail across AI usage. Practitioners should treat attribution as an identity control, not a finance afterthought.
A few things that frame the scale:
- 98% of FinOps practitioners now manage AI spend, up from 31% in 2024, according to The 2024 ESG Report: Managing Non-Human Identities.
- The average organisation believes more than 1 in 5 of its non-human identities are insufficiently secured, according to The 2024 ESG Report: Managing Non-Human Identities.
A question worth separating out:
Q: Who is accountable when shadow AI creates spend and compliance risk?
A: Accountability should sit with the business owner of the workflow, the identity that initiated the activity, and the governance function that approved or failed to detect it. If no one can trace an AI interaction back to a named owner, the organisation has already lost control of both spend and policy enforcement.