The math that justifies agent security spend before the breach, not after

A breach involving unauthorized AI runs longer and costs more. The controls that prevent it cost a fraction of the cleanup.

B

Balagei G Nagarajan

3 MIN READ


A balance scale weighing a small stack of control costs against a towering stack of breach costs
Leadership responds to that framing because it's the same expected-value math they use everywhere else.
— from “The math that justifies agent security spend before the breach, not after”

Key facts.

  • IBM's 2025 report: global average breach cost 4.44 million dollars; US average a record 10.22 million.source
  • Shadow AI added about 670,000 dollars to average breach costs, with longer lifecycles (247 vs 241 days) and higher PII compromise (65% vs 53%).source
  • 13% of organizations reported breaches of AI models or applications, and 97% of those lacked AI access controls.source
  • Classic SDLC economics: a defect costs roughly 30x to 100x more after release than at design, and security defects follow the same curve.source

How do you actually make the budget case?

Put two numbers side by side. On one side, the cost of the controls: scoped permissions, an access-governance layer, runtime monitoring, and the engineering time to wire them in early. On the other, the expected cost of a breach weighted by its likelihood, using the IBM averages as your anchor and adding the shadow-AI premium if your agents touch unmanaged tools. The control side is a known, bounded number. The breach side is large, and the 97% figure tells you the likelihood isn't theoretical for teams that skip access controls.

Leadership responds to that framing because it's the same expected-value math they use everywhere else. You aren't asking for security as insurance against a vague fear. you're showing a bounded spend against a measured, dated loss.

Gauge chart contrasting bounded control cost against the much larger expected breach cost

Where does the money go furthest?

The cheapest dollar is the early one. Scoping permissions and adding monitoring while you build costs config and a logging layer. The same work after a breach is a redesign under pressure plus the breach itself. The 30x-to-100x late-fix curve isn't folklore, it's the default behavior of software cost, and security isn't exempt.

SpendBounded control cost (early)Expected breach cost (skipped)
Permission scopingConfig at tool wire-upPart of 4.44M global average
Access governanceOne governance layer97% of AI breaches lacked it
Runtime monitoringTelemetry plus alerts+670K shadow-AI premium, longer lifecycle

this is where a Pattern Intelligence Layer turns into a line item leadership approves. Reliability and security at the pattern level mean the controls are bounded, reusable, and enforced on every run, so the spend is predictable and the protected surface is the whole agent, not one model. Predictable cost against a measured loss is the easiest budget conversation in security.

Frequently asked questions

what's the strongest single stat for a budget deck?
97% of organizations that suffered an AI-related breach lacked AI access controls (IBM 2025). It links a cheap control directly to the loss it prevents.

Breach costs dropped in 2025. Doesn't that weaken the case?
The drop came from faster AI-assisted containment, not from lower risk. Shadow-AI breaches still ran longer and cost more. The control case stands.

Isn't a better model cheaper than all these controls?
No. A stronger model still gets breached when defenses fall to adaptive attacks. Controls protect the pattern; the model is one swappable part of it.


Share this post

Join the discussion

Have a take, a war story, or a question? Sign in with GitHub to comment and react. Comments are powered by GitHub Discussions, ad-free and yours to moderate.

Continue Reading

Find where your agent breaks, before you build it

Faultmap maps where your agent will fail from the goal and your data, then hands you the first test suite it has to pass.