
Companies racing to deploy AI are hitting a cost ceiling, especially in cybersecurity where attackers and defenders face opposite economics. While attackers use cheap, unguarded open-source models to target single applications, defenders must run expensive frontier models continuously across thousands of applications. The solution is not repricing, but architecture: combining specialized and frontier models with intelligent task routing to match each job to the right model at the right cost.
Summaries like this, in your inbox every morning.
Sign up free →What happened
Companies are rationing AI spending as costs exceed budgets—Uber burned through its annual AI budget in four months and capped employee access to agentic coding tools at $1,500 per month. In cybersecurity, the imbalance is acute: attackers need cheap, open-source AI to target one application, while defenders must continuously test thousands of applications across their entire portfolio, mostly on expensive frontier models.
Why it matters
The economics of cyber defense have fundamentally shifted. An attacker runs a capable open-source model continuously until finding one entry point; a defender running frontier models continuously across an enterprise portfolio pays orders of magnitude more for the same method. Most defensive tasks do not require the world's most advanced AI model, yet organizations price them as if they do—making the defender's cost curve unsustainable.
What to watch
The winning approach will combine proprietary specialized models with frontier models, routing each task to the model that performs best for it, rather than relying on frontier models alone. Organizations must own the full offensive AI stack—models, prompts, and routing logic—and continuously benchmark and optimize the system for recall, precision, and cost.
The article presents a structural cost crisis in enterprise AI spending, using cybersecurity as the sharpest example of a broader pattern. Uber's budget depletion in four months signals that many organizations underestimated AI operating costs when they built their deployment plans. The real problem, the author argues, is architectural: companies have defaulted to using the same expensive frontier model (a general-purpose AI built for broad reasoning) for every task, including narrow, high-volume work that does not require that capability. This is economically unsustainable at scale.
The cybersecurity domain illustrates the asymmetry starkly. Attackers operate under completely different constraints—they need to find a single vulnerability in a single application and can afford to run cheap, specialized open-source models continuously. Defenders, by contrast, face an inventory problem: they must validate security across their entire application portfolio, every deployment, and every attack vector. Running frontier models for all of that work creates a cost curve that cannot keep pace with an attacker's economics. The author, Ido Geffen (co-founder and CEO of Novee Security), proposes that the only viable solution is to own the full stack—choosing the right model for each task rather than defaulting to the most advanced one, and continuously re-optimizing that choice as new models, costs, and attack techniques emerge. The implication is that companies that treat AI as a single fungible compute resource will lose to those that build adaptive, task-specific architectures.
No comments yet. Be the first to share your thoughts!
Log in to join the discussion





Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack