§ 01 / Frame: Why we don't show a price
Pricing pages commit a vendor to a commercial structure. AOSIQ is in design-partner phase. Until the engagement model is settled with first-cohort customers, anything we'd put on a pricing page would be invented.
What we can do — and what's more useful at this stage anyway — is help you understand what the absence of agent governance is costing you right now. If the number on this page is a fraction of what you'd pay for AOSIQ, the conversation is moot. If it's substantial, then the question becomes how to govern at the lowest operational friction. That's where AOSIQ enters.
Two cost categories are quantifiable from current public industry data: avoided incident occurrence and severity, and avoided incident response time. Neither is a complete picture. Both are defensible.
§ 02 / Category one: Avoided incidents from autonomous actor actions
The mechanism: AOSIQ's capability narrowing means an actor without permission for a destructive tool cannot call it, regardless of whether the actor is a reasoning agent making a decision or a deterministic script following a flawed code path. The approval gate means even actors with destructive permissions cannot execute autonomously — every irreversible action requires explicit operator sign-off. Together they prevent the class of incidents where an actor did something it shouldn't have.
Industry data quantifying these costs is most mature for AI agent incidents (Gravitee 2026, IBM 2025). The mechanism applies equally to deterministic automation that touches your systems — a miswritten script that deletes the wrong database is a governance failure regardless of whether AI was involved. We cite the AI agent data because it's the rigorous public data we have; conservative readers should treat the numbers as applicable to a wider population of automation incidents.
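The two controls described above, sketched as an added example; this is not AOSIQ's code or API. The names `Session`, `Tool`, `dispatch`, `outcome` and the tool registry are hypothetical. It shows deny-by-default capability checks, narrowing that can only remove tools, and an approval gate bound to the exact call.

```python
from dataclasses import dataclass
from typing import Callable, Optional

class CapabilityDenied(Exception):
    """The session was never granted this tool."""

class ApprovalRequired(Exception):
    """The tool is irreversible and no operator approved this exact call."""

@dataclass(frozen=True)
class Tool:
    run: Callable[..., str]
    irreversible: bool = False

# Constructed tool registry for the example (hypothetical tools).
TOOLS = {
    "read_table": Tool(lambda table: f"read {table}"),
    "drop_table": Tool(lambda table: f"dropped {table}", irreversible=True),
}

@dataclass(frozen=True)
class Session:
    actor: str
    capabilities: frozenset

    def narrow(self, keep):
        # Intersection only: a derived session can lose tools, never gain them.
        return Session(f"{self.actor}/sub", self.capabilities & frozenset(keep))

def dispatch(session: Session, tool: str, args: dict,
             approver: Optional[Callable[[str, str, dict], bool]] = None) -> str:
    # 1. Deny by default: unknown or ungranted tools never run.
    if tool not in TOOLS or tool not in session.capabilities:
        raise CapabilityDenied(f"{session.actor} may not call {tool}")
    # 2. Irreversible tools need a sign-off bound to actor, tool and arguments.
    if TOOLS[tool].irreversible:
        if approver is None or not approver(session.actor, tool, args):
            raise ApprovalRequired(f"{tool}{args} needs operator sign-off")
    return TOOLS[tool].run(**args)

def outcome(session, tool, args, approver=None) -> str:
    """Run dispatch and report the result, or the name of the gate that fired."""
    try:
        return dispatch(session, tool, args, approver)
    except (CapabilityDenied, ApprovalRequired) as exc:
        return type(exc).__name__

ADMIN = Session("ops-agent", frozenset({"read_table", "drop_table"}))
READER = ADMIN.narrow({"read_table", "send_email"})  # send_email is not gained

def approve_scratch_only(actor, tool, args):
    # Constructed operator decision: only the scratch table may be dropped.
    return args.get("table") == "scratch"
```

The capability check runs before the approval check, so a narrowed session is refused even when an approver is supplied.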
The frequency baseline
88% of organizations reported confirmed or suspected AI agent security incidents in the last twelve months.[1] The rate reaches 92.7% in healthcare. Not all incidents are catastrophic; some are minor operational disruptions. But the baseline frequency is high enough that some incident is the expected outcome, not an edge case.
The IBM 2025 Cost of a Data Breach Report — based on Ponemon's independent research across 600 breached organizations in 17 industries [2] — adds the critical second statistic:
97% of organizations that experienced an AI-related security incident lacked proper AI access controls.[2] Among the 600 organizations researched, 63% reported having no AI governance policies. The correlation is not subtle: ungoverned agent operations are where the incidents happen.
The severity range
Not every AI agent incident becomes a $4M data breach. Some are operational disruptions handled in an afternoon. Others escalate. The IBM data establishes the worst-case bracket:
$4.44M global average data breach cost in 2025 (down 9% from $4.88M in 2024).[2] The U.S. average reached a record $10.22M. Healthcare averaged $7.42M. Organizations experiencing breaches involving "shadow AI" — unsanctioned AI tools without IT oversight — paid an additional $670,000 on average.
Most agent incidents will not escalate to a full data breach. A reasonable distribution for an organization running 20–50 agents in production:
- Minor: ~70% of incidents — operational hiccup, brief downtime, no data exposure. Cost: $5K–$50K (operator hours plus user impact).
- Moderate: ~25% of incidents — partial data exposure, cross-team escalation, regulatory notification considered. Cost: $50K–$500K.
- Major: ~5% of incidents — full data breach, regulatory action, public disclosure. Cost: $1M to the IBM averages above.
AOSIQ's preventive value is not uniform across these tiers. Capability narrowing and approval gates are most valuable in the major-tier scenarios — the moments where an autonomous destructive action would otherwise execute before anyone could intervene.
§ 03 / Category two: Avoided incident response time
The mechanism: AOSIQ's tamper-evident audit chain means every action — spawn, tool call, memory write, capability denial — is reconstructible from immutable per-session records. Capability narrowing bounds blast radius: forensic teams know exactly what tools the agent could and couldn't have called. Together they accelerate the most expensive part of any security incident: figuring out what happened.
The duration baseline
241-day mean breach lifecycle in 2025 — the average time from breach occurrence to identification and containment.[2] The lowest figure in nine years, but still extraordinarily long. Detection and escalation alone cost an average of $1.47M per incident — the largest single cost category in the IBM analysis.
The acceleration available
IBM's data establishes that organizations using AI and automation extensively in their security operations:
80 days shorter breach lifecycle on average, plus $1.9M in cost savings per incident, compared to organizations not using these tools.[2] The mechanism is faster identification, faster containment, and shorter dwell time for attackers.
AOSIQ does not directly map to "AI in security operations" — it maps to governance infrastructure that produces forensic visibility. The two are different mechanisms for the same outcome: when something goes wrong, you have the data to figure it out fast.
For a session in question, the AOSIQ audit chain provides: every tool call with arguments, every memory operation, every state transition, every approval decision, every capability denial — all SHA-256 chained, all replayable. A forensic investigator reconstructs the full session in minutes rather than hours.
Estimated time savings per incident depend on incident type and operator skill, but typical ranges in the IBM data span 20–80 days reduced lifecycle. Operator-hour savings per incident scale from 10–200 hours, depending on incident scope.
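How a SHA-256 chained per-session record of the kind described above is checked during an investigation, as an added example; it is not AOSIQ's record format or code. The field names, the genesis value and the sample events are constructed. It also shows what a chain needs to stay tamper-evident: a head hash kept outside the log store.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for an empty chain

def entry_hash(prev_hash, event):
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{body}".encode()).hexdigest()

def append(chain, event):
    """Append an event linked to the previous record; return the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "event": event, "hash": entry_hash(prev, event)})
    return chain[-1]["hash"]

def verify(chain, trusted_head=None):
    """Return the index of the first inconsistent record, or None if intact.

    Without trusted_head only internal consistency is checked, so a chain that
    was truncated (or rewritten and re-hashed end to end) still passes.
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != entry_hash(prev, rec["event"]):
            return i
        prev = rec["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(chain)  # records missing or replaced after the last good one
    return None

# Constructed sample session covering the event kinds the page lists.
SAMPLE_EVENTS = [
    {"seq": 0, "type": "spawn", "actor": "agent-7"},
    {"seq": 1, "type": "tool_call", "tool": "read_table", "args": {"table": "orders"}},
    {"seq": 2, "type": "capability_denial", "tool": "drop_table"},
    {"seq": 3, "type": "approval", "tool": "export_csv", "decision": "denied"},
]

def build_sample():
    chain, head = [], GENESIS
    for ev in SAMPLE_EVENTS:
        head = append(chain, ev)
    return chain, head  # head would be stored separately from the log

if __name__ == "__main__":
    chain, head = build_sample()
    edited = copy.deepcopy(chain)
    edited[1]["event"]["args"]["table"] = "users"  # in-place edit of one record
    print(verify(chain, head), verify(edited), verify(chain[:-1]), verify(chain[:-1], head))
```

An edited record is caught by the chain alone; a dropped tail is caught only when the verifier compares against a head hash it obtained independently.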
§ 04 / Worked example: A specific deployment shape
To illustrate how the methodology works on real inputs, consider a representative customer profile. This is an example, not a guarantee. Substitute your own operational reality and the math shifts accordingly.
Assumed inputs
| Production agents | 25 |
| Industry | Regulated SaaS (financial, health-adjacent, or compliance-bearing) |
| Loaded operator cost | $200 / hour |
| Expected agent incidents per year | 3 minor, 1 moderate, 0–1 major |
| Average incident response time, no governance | 80–200 operator hours per moderate+ incident |
| Time reduction with audit-grade forensics | 40–60% of investigation time |
Category 1 — avoided incident severity
Capability narrowing and approval gates prevent the autonomous-execution path that turns moderate incidents into major ones. For a single avoided escalation per year:
$200,000–$1,500,000 annually, depending on whether the avoided escalation would have reached data-breach severity.
Category 2 — avoided response time
Across 4 incidents per year × 80–200 hours × 40–60% reduction × $200/hr loaded cost:
$25,600–$96,000 annually in operator hours saved on incident forensics.
Combined range
$225,600–$1,596,000 per year for this deployment shape, with the wide span reflecting real uncertainty about whether any avoided incident would have escalated to data-breach severity.
§ 05 / Limits: What this analysis doesn't cover
Several real benefits of AOSIQ are not in the numbers above because they aren't reliably quantifiable from public data. Honest accounting requires naming them rather than smuggling them in.
- Faster procurement and security review cycles. A platform with a published threat model, capability narrowing primitives, and tamper-evident audit clears enterprise security review faster than one without. Real benefit; cycle time, not dollars.
- Avoided regulatory penalties. Where AI agent actions trigger regulatory frameworks (HIPAA, SOX, PCI, GDPR, forthcoming AI-specific rules), AOSIQ's audit trail is regulator-grade evidence. Penalty avoidance is real but industry-specific and hard to generalize.
- Reduced cyber insurance premiums. Cyber insurance increasingly factors AI deployment governance into pricing. The effect is real; the magnitude varies by carrier and policy.
- Avoided headline risk. If your AI agent doesn't accidentally delete production data, you don't end up in a Wall Street Journal article. Real value, impossible to quantify honestly.
- Avoided LLM cost overruns. AOSIQ's cost ledger with hard ceilings prevents runaway agent spend. Industry data on LLM cost overruns is anecdotal rather than systematic; we don't quote a number we can't source.
- Engineering time not spent building governance from scratch. Real benefit, but most organizations would defer rather than build, so the avoided cost is itself uncertain.
Each item above is a real cost AOSIQ helps with. None is included in the worked example because the data to back specific dollar figures isn't available at industry-research quality.
§ 06 / Your own: Compute your own
The framework above is reusable. To estimate AOSIQ's value for your operation:
- Estimate your agent incident frequency. Most organizations report some incidents per year per cluster of deployed agents. The Gravitee 88% baseline suggests few are immune.
- Distribute your incidents across severity tiers. What fraction are minor, moderate, major? Your distribution will differ from ours; your historical incident reports are the best data.
- Apply preventive efficacy by tier. AOSIQ prevents most major-tier incidents (where autonomous destructive action is the cause) and reduces severity of moderate-tier ones. It does little for purely minor incidents.
- Add forensic acceleration value. Estimate operator hours per incident under your current process, multiply by your loaded operator cost, multiply by the fraction of investigation time the audit chain saves.
- Apply discount for uncertainty. The major-incident scenario dominates most calculations and is also the most uncertain. A reasonable conservative reading discounts by 50%.
The spreadsheet behind the worked example is available on request. Send a note via the contact form on the homepage and we'll share it.
§ 07 / Sources: What this is built on
Every percentage and dollar figure on this page is sourced from published industry research. The two sources below are the only ones cited; we don't reach beyond them for headline numbers.
- [1] Gravitee, State of AI Agent Security 2026. Survey of 919 enterprise executives and practitioners across multiple verticals. Cited for: AI agent incident frequency (88% global, 92.7% healthcare), authentication patterns (45.6% shared API keys, 21.9% identity-bearing agents), governance approval baseline (14.4% with full security/IT approval). www.gravitee.io/state-of-ai-agent-security
- [2] IBM, Cost of a Data Breach Report 2025 (research by Ponemon Institute, 600 breached organizations across 17 industries, 20th annual edition). Cited for: global average breach cost ($4.44M), U.S. average ($10.22M), healthcare average ($7.42M), shadow AI premium ($670K), mean breach lifecycle (241 days), detection and escalation cost ($1.47M average), AI/automation savings ($1.9M, 80 days), AI access controls finding (97% of AI-related breaches lacked them), AI governance gap (63% of organizations). www.ibm.com/reports/data-breach
Both reports are published, freely available, and update annually. We'll refresh this page when new editions of either are released and the numbers shift materially.
Want help running these numbers for your specific case?
The methodology applies to any operational shape. If you're working through a procurement justification or a board-level briefing on agent governance, we're happy to walk through the math against your specific incident history and operational profile.