Welcome to VentureBeat’s special issue on “The Real Cost of AI: Performance, Efficiency, and ROI at Scale.”
AI holds immense promise, but it also comes with hidden security costs, especially at the inference layer. Attacks targeting the operational side of AI are silently increasing budgets, putting regulatory compliance at risk, and eroding customer trust. These factors all impact the return on investment (ROI) and total cost of ownership (TCO) of enterprise AI deployments.
While AI has captured the imagination of businesses with its potential for groundbreaking insights and efficiency improvements, the reality is sobering. The inference stage, where AI translates investment into real-time business value, is facing challenges that initial business cases didn’t anticipate, driving up TCO in unexpected ways.
Security executives and CFOs who once saw the transformative potential of AI projects are now facing the reality of defending these systems against new threats. Attackers have homed in on the inference stage as a vulnerable point where they can cause significant damage. Breach containment costs can exceed $5 million per incident in regulated sectors, compliance updates can run into the hundreds of thousands, and breaches can lead to stock hits or contract cancellations that impact projected AI ROI. Without controlling costs at the inference stage, AI becomes an unpredictable budget wildcard.
The unseen battlefield: AI inference and exploding TCO
AI inference is quickly becoming the next insider risk, according to Cristian Rodriguez, field CTO for the Americas at CrowdStrike, speaking at RSAC 2025.
Other tech leaders share this viewpoint, highlighting a common blind spot in enterprise strategy. Vineet Arora, CTO at WinWire, notes that many organizations focus intensely on securing AI infrastructure but overlook the inference stage, leading to underestimated costs for continuous monitoring systems, real-time threat analysis, and rapid patching mechanisms.
Steffen Schreier, SVP of product and portfolio at Telesign, warns about the assumption that third-party models are inherently safe to deploy without specific evaluation against an organization’s threat landscape or compliance requirements. This oversight can result in harmful or non-compliant outputs that damage brand trust.
When inference is compromised, it impacts multiple areas of TCO, with cybersecurity budgets escalating, regulatory compliance in jeopardy, and customer trust eroding. The concern is growing among executives, with only 39% feeling that generative AI’s rewards clearly outweigh the risks, according to CrowdStrike’s State of AI in Cybersecurity survey.

Security leaders are divided on the safety of gen AI, with concerns focusing on sensitive data exposure and adversarial attacks on AI tools.
Anatomy of an inference attack
The unique attack surface exposed by running AI models is attracting aggressive probing from adversaries. To defend against this, Schreier advises treating every input as a potential hostile attack. Threats like prompt injection, training data poisoning, and model denial of service are actively impacting enterprises.
- Prompt injection (LLM01) and insecure output handling (LLM02): Attackers manipulate models via inputs or outputs, causing potential harm to the system.
- Training data poisoning (LLM03) and model poisoning: Attackers corrupt training data, leading to malicious outputs.
- Model denial of service (LLM04): Adversaries can overwhelm AI models, causing revenue loss.
- Supply chain and plugin vulnerabilities (LLM05 and LLM07): Vulnerabilities in shared components can expose sensitive data.
- Sensitive information disclosure (LLM06): Querying can extract confidential information from AI models.
- Excessive agency (LLM08) and overreliance (LLM09): Granting unchecked permissions to AI agents is risky.
- Model theft (LLM10): Proprietary models can be stolen through extraction techniques.
Underpinning these threats are foundational security failures, with adversaries often using leaked credentials for attacks. A deepfake campaign resulted in a fraudulent transfer, while AI-generated phishing emails have shown high click-through rates.

The OWASP framework highlights how various LLM attack vectors target different components of an AI application, showcasing the importance of security.
Back to basics: Foundational security for a new era
Securing AI necessitates a return to security fundamentals through a modern lens. Organizations must enforce unified protection across all attack paths, with a focus on data governance, cloud security, and identity-first security to secure AI systems effectively.
The specter of “shadow AI”: Unmasking hidden risks
Shadow AI, or unsanctioned AI tool use by employees, presents a significant unknown attack surface. Clear policies, employee education, and technical controls are essential to mitigate risks associated with shadow AI.
Fortifying the future: Actionable defense strategies
While adversaries have leveraged AI for attacks, defenders are now using AI for cybersecurity purposes. Key strategies include budgeting for inference security from day zero, implementing runtime monitoring and validation, and adopting a zero-trust framework for AI environments.
Protecting AI ROI: A CISO/CFO collaboration model
Protecting AI ROI requires modeling the financial benefits of security investments. By linking cybersecurity investments to avoided costs, organizations can demonstrate the value of security measures in preserving ROI.
Concluding analysis: A strategic imperative
CISOs must present AI risk management as a business enabler, quantified in terms of ROI protection, brand trust preservation, and regulatory stability. Strategic security investments at the infrastructure layer are crucial for sustaining AI’s financial viability.
Collaboration between CISOs and CFOs is essential to effectively safeguard modern businesses and manage the true cost of AI.
As organizations balance AI innovation with protection, a new level of strategic alignment is needed to ensure sustainable growth and security.
