
Key facts.
- IBM's Cost of a Data Breach 2025 reports an average breach cost of USD 4.44 million globally and USD 10.22 million in the US, the downside an over-permissioned or mistaken agent can trigger. source
- The IMF's 2026 note on agentic AI in payments details the operational, compliance and resilience controls these systems require, which are recurring costs the business case must include. source
- Agent spend can grow roughly quadratically in the number of steps a run takes, because each step re-sends the accumulated context, so the operating cost escalates past an inference-only quote rather than tracking it (blog.exe.dev, reported). source
- Under inference sit oversight, monitoring, maintenance and a wrong action, IBM puts a breach near USD 4.44M; a bigger model trims inference and leaves the rest, so count the rest. (source)
Why does the inference-only case mislead?
Because inference is the one cost that is easy to quote and the smallest part of the real total. The business case built on it presents a number that looks attractive and is incomplete and the gap between that number and the real one is where projects get cancelled mid-flight. Oversight is a standing cost because the agent is probabilistic and someone has to catch the misses. Monitoring and observability are infrastructure to build and operate. Maintenance recurs as the agent's tools, models and surrounding systems change. And the downside cost is the tail risk: an agent with broad access that takes a wrong action can produce a loss measured in the millions, as the breach figures show. None of these appear in an inference quote and all of them are real spend.
A stronger model does not collapse this stack. It can reduce the inference line and lower the error rate a little, which trims oversight at the margin, but monitoring, maintenance and the downside exposure are properties of running an autonomous system in production, not of the model's quality. So the honest case counts them whatever model is underneath and the quadratic-cost pattern is what happens to the cases that did not: the operating cost escalates past the quoted figure and the value never catches up.

What goes into a full-cost case?
Five lines, not one. Inference, the visible token and tool cost at production volume. Oversight, the human time to review and correct, sized to the agent's error rate. Monitoring, the observability infrastructure to build and run. Maintenance, the ongoing engineering as the system changes. And expected downside, the probability-weighted cost of a wrong action, anchored on real figures like the breach numbers rather than assumed away. Net the gross benefit against all five and you get a number you can defend, one that survives the review where the inference-only case quietly falls apart. The point is not to make the agent look expensive, it is to make the case true, so the funding holds when the real costs arrive.
| Cost line | Inference-only case | Full-cost case |
|---|---|---|
| Inference | Counted | Counted, at production volume |
| Oversight | Ignored | Sized to error rate |
| Monitoring + maintenance | Ignored | Built into the budget |
| Downside risk | Assumed away | Probability-weighted |
The Pattern Intelligence Layer is where the full-cost picture stays current. Inference, oversight load and the failure rate that drives downside exposure are tracked at the pattern level, so the business case is fed by live numbers rather than a one-time estimate. Reliability at the pattern level is what keeps the case honest as the agent runs, which is what keeps it funded.
Frequently asked questions
Why does my approved agent keep running over budget?
The approved case likely counted inference and little else. Oversight, monitoring, maintenance and downside risk are real recurring costs and when they arrive the budget that ignored them is exposed.
How do I put a number on downside risk?
Probability-weight the cost of a wrong action using real anchors, like IBM's breach figures for a data-exposure failure, rather than assuming the agent never errs.
Does a better model let me drop these lines?
No. It trims inference and oversight a little, but monitoring, maintenance and downside exposure come from running an autonomous system, so the full-cost case still counts them.

