Malik Haidar stands at the intersection of high-stakes corporate defense and cutting-edge technological evolution. With years of experience managing the cybersecurity frontiers of multinational corporations, he has witnessed the shift from manual log analysis to the high-speed world of automated intelligence. His work focuses on a critical yet often overlooked aspect of modern security: the alignment of business strategy with technical resilience. In an era where organizations are rushing to integrate autonomous agents into their Security Operations Centers, Malik provides a sobering look at the hidden costs and architectural challenges that come when the speed of the machine meets the reality of the corporate budget.
The following discussion explores the transition from traditional licensing to volatile token-based economics within cybersecurity platforms. We examine the fundamental differences between machine learning, generative AI, and autonomous agents, highlighting how the shift to agentic loops can lead to explosive cost increases. Malik explains the operational risks of “token exhaustion,” the potential for new types of security blind spots, and why the future of large-scale AI security might actually lie in a return to on-premises infrastructure.
The shift from traditional machine learning to agentic AI is often described as a leap in efficiency, but it changes the underlying cost structure of a security platform. How does the removal of the “human bottleneck” specifically translate into the explosive token consumption we are seeing now?
To understand this, you have to look at the three distinct layers of AI currently operating in the field. Traditional Machine Learning is essentially a silent workhorse; it calculates mathematical distances between numerical data points and behavioral baselines, meaning its token consumption is exactly zero because it isn’t “reading” language. When we moved to Generative AI, we introduced a human-in-the-loop system where a human types a prompt and the AI returns a summary. This is still very manageable because the cost is bounded by human speed—we can only type so fast. However, Agentic AI removes that human pacing entirely by creating a multi-step execution loop where the machine acts autonomously to achieve a high-level goal, like determining if a primary Domain Controller has been compromised. In this scenario, the agent is autonomously calling APIs, parsing mountains of raw logs, and evaluating payloads at a rate no human could match. The meter runs continuously until the job is done, and because there is no human to slow it down, a single complex investigation can burn through millions of tokens in a matter of minutes.
We are seeing a move away from predictable, per-seat licensing toward a more volatile model based on tokens. Could you break down the actual economics of these frontier models and why they are so difficult for a CISO to budget for?
For decades, the CISO’s world was built on the comfort of predictable, fixed metrics like the number of endpoints or seats in an organization. The shift to frontier AI models like Anthropic’s Claude or OpenAI’s GPT models has turned cybersecurity into a variable operational expense with no natural ceiling. To give you some concrete numbers, Anthropic’s Claude Sonnet 4.6 costs about $3.00 per million input tokens and $15.00 per million output tokens, while GPT-5.5 can run $5.00 per million input tokens and $30.00 per million output tokens. While a simple alert triage might only take 1,000 tokens, a fully autonomous agentic loop that reasons across an entire event chain might require 20,000 to 50,000 tokens for a single incident. If you multiply that by the thousands of alerts generated daily in a multinational corporation, you realize that a major enterprise-wide malware outbreak could potentially wipe out an entire quarter’s budget over a single weekend. It creates a terrifying scenario where the cost of defending the network is directly tied to the volume of the attack, leaving the organization financially vulnerable at the exact moment they are most technically vulnerable.
There have been some staggering reports recently regarding AI budget burnouts in major tech firms. What do these real-world examples tell us about the risks of unmonitored AI usage in a security context?
These aren’t just theoretical warnings; we are seeing the financial fallout in real-time across the industry. There was a recent case where an unidentified company ran up a $500 million Claude bill in a single month simply because they failed to place usage limits on their employee licenses. Even at the highest levels of tech leadership, we see this struggle; Uber’s CTO reportedly burned through his entire AI budget for 2026 by April of this year. Within the cybersecurity sector specifically, Palo Alto Networks faced a similar reality when testing Anthropic’s Claude Mythos against their own source code. While the model was incredibly effective—finding more than two dozen critical vulnerabilities—it cost the company over $1 million in tokens just to perform that specific task. These stories highlight a structural mismatch between what frontier AI models cost to operate and what traditional security budgets are designed to absorb, proving that without strict guardrails, the machine’s appetite for tokens can outpace even the largest corporate coffers.
If an organization hits its monthly token limit during a high-severity incident, it creates a dangerous operational crossroads. What are the specific risks when a security team is forced to make “operational compromises” due to cost?
This is perhaps the most concerning aspect of the “tokenization” of security. We saw a similar trend years ago in the SIEM industry where organizations began limiting the data they collected to save on ingestion costs, which led to massive blind spots that attackers eventually exploited. Now, we are seeing that same dynamic play out with AI. When a screen flashes a message saying you’ve reached your monthly limit and need to “Upgrade to Enterprise Plus” while a Domain Controller is being flagged for anomalous activity, the SOC manager is faced with an impossible choice. They either have to pay a massive overage, throttle the investigation, or revert to manual triage at a time when speed is of the essence. In practice, I fear teams will start disabling agentic workflows or skipping deep automated triage on lower-priority alerts just to save credits. This creates an environment where the quality of security outcomes is dictated by the remaining balance in a token account, rather than the actual level of threat, which is a gap an adversary will eventually find and walk through.
How does the choice of deployment architecture—cloud versus on-premises—impact the long-term viability of using autonomous agents at scale?
The architecture of your security platform is no longer just a technical preference; it’s a strategic financial decision. Cloud-based architectures are inherently volatile because they pass the AI costs—every reasoning loop, every API call, and every orchestration step—directly to the customer at the model provider’s current market price. This makes agentic security nearly impossible to run at full depth continuously without hitting a financial ceiling. On the other hand, on-premises architectures are becoming attractive again because they rely on fixed local compute. By using your own hardware to execute these complex reasoning loops, you don’t have a token meter running in the background for every word the machine reads or writes. For an organization that needs its autonomous agents to be “always-on” and digging deep into every alert, on-premises is currently the only architecture where the economics actually make sense in the long run.
As vendors begin to mask these costs using “AI credits” or “operation-based” pricing, how should organizations prepare for this new era of consumption economics?
We are going to see a wave of new credit-based pricing models that abstract tokens into things like “AI credits” or “operation units.” While this helps vendors manage their own margin problems, it doesn’t change the fact that CISOs are being moved from predictable budgets to variable consumption models. The winners in this new machine-speed race won’t necessarily be the ones with the most powerful agents; they will be the ones who understand that AI in security is a tiered system. You use Machine Learning for high-volume detection because it’s cheap and efficient, Generative AI for adding context to investigations, and you reserve the expensive, token-heavy Agentic AI for closing the loop with autonomous action. Success requires selecting the right platform and model for the right job so that the economics of the defense don’t become a constraint that an adversary can exploit.
What is your forecast for the future of AI-driven security economics?
I believe we are heading toward a more stratified and “hybrid” economic model where the initial excitement over “all-AI” security will be replaced by a more pragmatic, tiered approach. We will likely see the rise of smaller, specialized local models that handle the bulk of the reasoning on-premises to keep costs fixed, while the massive, expensive frontier models like GPT or Claude will be reserved for the most complex, high-stakes scenarios. Security vendors will eventually have to provide more transparency, perhaps even allowing customers to “bring your own key” for AI models to better control their own spending. Ultimately, the industry will realize that while autonomous agents are essential for matching the speed of modern attackers, the ultimate goal isn’t just to have the smartest machine—it’s to build a sustainable defensive posture where the cost of protecting the enterprise doesn’t become a vulnerability in its own right.

