
Enterprise Spotlight: Rethinking cloud strategy in the age of AI

Cloud computing has reached a crossroads. The high cost and data sensitivity of AI workloads are raising the appeal of private clouds, even as neoclouds and sovereign clouds shake up the cloud provider landscape. New cyberthreats, shifting compute requirements, and management complexity are adding to cloud complications.

Download the June 2026 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World, and learn how to navigate the latest cloud strategy developments.

  •  

The AI pricing conundrum — it started as a nightmare, now it’s worse.

Enterprise IT leaders have always struggled with AI pricing, especially the need to pay for AI in a way that delivers ROI. But the typical IT exec may not be the right person to decide how a company uses AI — and how it tries to deliver ROI — because so many line-of-business workers and partners are now experimenting with the technology on their own.

And if IT leaders don’t have a grip on how they want to use AI over the next year or two, it’s impossible to figure out how they want to pay for it. They likely hate the current method of paying per token. And other options, such as SAP’s push to charge per AI task completed, aren’t any better. 

To use a sales analogy, IT doesn’t want to pay a lot of money for leads, because there’s no way to know if those leads will generate any revenue — let alone how much. What IT leaders want is the tech equivalent of paying commission, where they only pay when a lead converts into a paying customer. And even then, they only pay a percentage of the final sale. That guarantees ROI for the enterprise.

The problem: no AI vendor would ever go for it because that approach puts too much risk on them. 

Finding a pricing model that works for both enterprise IT and AI vendors is all but impossible as long as IT is trying to deliver ROI.

Irfan Khan, president of SAP Data & Analytics, said the problem is challenging for both sides. “Everyone is scrambling to justify their investments,” and “the day one cost is not necessarily the day one value,” he said.

The problem is one of sequence. Pricing has to be negotiated and locked in long before a project starts. But with technology as new and experimental as agentic AI, there’s almost no solid information about what benefits it will (or will not) actually deliver. 

Beyond that, generative AI (genAI) and agentic AI systems might well deliver benefits that are harder to jot down in a spreadsheet. Let’s say the CFO wants to see a sharp rise in order fulfillment. But what if AI “manages to fulfill those orders more efficiently,” Khan said. “And what are the likely ripple effects of bringing more efficiencies into the process?”

Justin Greis, CEO of consulting firm Acceligence, frames the AI pricing disconnect in terms of market economics:

“The market is trying to force-fit AI into infrastructure-era pricing models, when AI is fundamentally closer to labor augmentation and business process transformation than compute consumption,” Greis said. “The core disconnect is: Enterprise IT buyers want pricing aligned to realized business value. AI vendors want pricing aligned to resource consumption and platform utilization. Those are very different economic models. 

“Token pricing is attractive to vendors because it is measurable, scalable, and predictable. But from the enterprise perspective, tokens are almost meaningless as a business metric. Nobody on the CFO side cares how many tokens were consumed if the process improvement never materialized.”

The competing pricing strategies overwhelmingly rely on just two factors: what delivers the most profit and which is the easiest to execute. Given human nature, the latter is usually the path most often taken.

It’s like one of my favorite jokes. A guy is heading to his car when he sees a man with a flashlight intently looking at the ground right next to a streetlight pole. 

“Can I help you? Are you looking for something?” the guy asks.

“Yes, I lost my car keys.”

“Silly question, but where do you last remember having them?”

“I was standing over there in that dark alley up the street. A cat screeched and I dropped my keys.”

“Wait a second — if you lost your keys over there, why are you looking here?”

“The light’s better over here.”

The lesson: taking the easy route usually beats realizing the actual objective.

Greis argued that not only would it be hard to persuade AI vendors to accept ROI pricing, but if they did somehow agree, the unintended results could prove disastrous.

“AI vendors cannot realistically absorb unlimited downstream business risk tied to variables they don’t control — poor internal adoption, broken processes, bad data, organizational politics, weak change management, or unclear KPIs. But the moment vendors are compensated primarily on outcomes, you create strong incentives for increasingly autonomous optimization behavior. That sounds great until organizations realize that AI systems may pursue the metric rather than the intent behind the metric,” Greis said. 

“We’ve already seen versions of this in recommendation engines, ad targeting systems, and engagement algorithms. The system learns to maximize the measurable outcome even if the methods become operationally risky, ethically questionable, reputationally damaging, or strategically misaligned. In enterprise environments, that could become dangerous very quickly. An AI system incentivized around reducing service costs might aggressively deflect legitimate customer issues. A model rewarded for sales conversion could push manipulative messaging or optimize for short-term wins at the expense of customer trust. A procurement optimization engine might lower costs while quietly increasing supplier concentration risk or degrading operational resilience.

“The more autonomous these systems become, the harder it is to separate ‘successful outcome’ from ‘acceptable behavior.’”

The best way to resolve this is potentially the most difficult. Every AI project must be approved by an AI committee whose members must ask the hard questions. What are you hoping to accomplish? If it works, specify and quantify your best-case scenario benefits. What are the most likely ways it could fail? What are the costs and disruptions most likely to happen if it fails in that way? Quantify those. 

The committee should have at least a couple of members who know exactly what these models can and cannot do to serve as a reality check. 

Next, require the LOB chief, or whoever the most senior exec involved in the project is, to share in the pain. Tie gains or losses to executive bonuses. Give those execs a reason to make sure their people are honestly and creatively thinking the project all the way through.

Only once that happens can a CIO know how to negotiate a fair and reasonable AI pricing deal.

  •  

Another IT governance headache: AI-enabled sanction evasion

Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns.

The report, Algorithms of Evasion: The Rise of AI-Enabled Proliferation Financing, from the Royal United Services Institute (RUSI), a UK-based defense and security think tank, defines PF as the use of funds or financial services to acquire, develop or otherwise deal in weapons of mass destruction (WMD). It states, “North Korea and Iran are now developing and deploying AI models to aid with sanctions evasion activities.”

Key findings include the fact that AI is now capable of mass producing high-quality fraudulent documents, as well as automating what the report describes as “the administrative minutia of managing extensive shell company networks.” AI-powered systems, it states, can also “analyze blockchain patterns in real time to dynamically adjust cryptocurrency mixing strategies, effectively evading detection tools.”

In addition, it says, “[tools such as generative AI] which can produce sophisticated fraudulent identification documents, for example, have helped North Korea perpetrate phishing attacks against Western companies.”

Dr. Aaron Arnold, senior associate fellow with the Centre for Finance and Security at RUSI, who authored the paper, said in an email that what prompted it was an uptick over the last year in North Korea’s use of AI to facilitate and enhance its cyber operations, in the form of phishing schemes designed to generate revenue for the country’s ballistic missile and nuclear weapons programs.

He advised enterprise IT managers who need to protect their organizations from becoming victims of sanction evasion activities that “[it] means largely adapting to a landscape where traditional human-focused security boundaries are being bypassed by automated technologies.”

For IT managers, said Arnold, “this might entail incorporating defensive AI, the use of behavior-based analytics, using ‘circuit breakers’ when there is heavy use of API or MCPs, updating personnel training, and hardening identity verification, especially for any remote hiring.” 

Distinction between AI-assisted and AI-enabled activity is ‘central’

Sanchit Vir Gogia, chief analyst at Greyhound Research, said that the RUSI report matters “because it names the right structural shift. AI is not creating sanctions evasion from thin air, it is compressing and scaling methods that already work.”

He pointed out that none of the sanction-evading techniques such as fraudulent documents, synthetic identities, shell companies, hidden beneficial ownership, crypto laundering, and others are new. “What changes is the speed, quality, volume and coordination with which these methods can now be assembled,” he said.

According to Gogia, “the distinction between AI-assisted and AI-enabled activity is central. AI-assisted evasion uses AI for discrete tasks: writing a better email, producing a cleaner document, generating a stronger false profile, translating a pitch, summarizing regulations or preparing a plausible job application. AI-enabled evasion is more serious.”

A ‘structural asymmetry’

This tactic, he said, “begins to coordinate the system itself. It links identity, documents, ownership structures, payment routes, cloud access, crypto wallets, API calls and timing. The difference is not whether AI helps someone fake a document. The difference is whether AI begins to orchestrate the deception.”

That is why the report’s findings should worry enterprise leaders, he noted: “Many organizations still assume the bad actor is mostly human, mostly linear and mostly slow. That assumption is expiring. AI lets adversaries run more attempts, with fewer errors, across more channels, in more languages, with better paperwork and greater patience than most enterprise review processes can absorb. This is not a tale of genius criminals discovering magic. It is the story of ordinary controls meeting industrialized plausibility.”

The evidence today, he pointed out, is strongest around tactics such as identity fraud, document fraud, synthetic personas, remote-worker deception, phishing, social engineering, crypto obfuscation and workflow abuse. “Fully autonomous evasion networks sit on the horizon,” he said. “They are serious, but they are not yet the everyday baseline.”

This distinction matters, said Gogia: “If enterprises obsess over cinematic autonomous agent scenarios while leaving remote hiring, vendor onboarding, payment approvals, and document review full of holes, they will lose in the most prosaic way imaginable.”

The report, he said, also gets the “asymmetry” right. “Offensive actors can learn across the ecosystem,” he said. “They can scrape open information, reuse leaked records, study enforcement patterns, test onboarding forms, inspect public procurement data, watch court filings, probe compliance thresholds and [use the information to] refine their behavior.”

Defenders, by contrast, are hemmed in by privacy rules, fragmented data, explainability requirements, jurisdictional boundaries, conservative operating models and siloed technology estates. “Offensive AI learns broadly,” he said. “Defensive AI often learns from fragments. That is the structural asymmetry.”

He explained that the regulatory landscape also amplifies the problem, in that regulatory bodies “still speak in separate dialects. [For example] the EU AI Act pushes organizations toward stronger obligations for high-risk AI. NIST-style frameworks push risk management, transparency, and governance.”

A trust architecture problem

Financial Action Task Force (FATF) expectations push national risk assessment and counter-proliferation controls, he noted, while banking regulators focus on model risk, accountability and operational resilience. “None of these streams is irrelevant. The trouble is that criminals do not organize themselves around regulatory workstreams. They organize around outcomes.”

What that means, said Gogia, “is that enterprise cannot wait for a clean global rulebook. It will not arrive in time. CIOs, CISOs, compliance officers and boards need a working governance model now. They need privacy-preserving analytics, controlled data environments, audit trails, legal safeguards and clear model-risk accountability.”

He said that enterprise IT managers should treat the situation as a trust architecture problem rather than a narrow sanctions-screening problem. “The uncomfortable truth is that AI is not simply helping bad actors write better phishing emails or forge tidier documents,” he noted. “It is helping them manufacture legitimacy across a chain of enterprise workflows.”

Likely outcome an ‘AI arms race’

Report author Arnold also noted that there are signs that cyber criminals have discovered new AI technologies and abilities that legitimate enterprises could adopt for legitimate applications.

History, he said, “is replete with [criminals] developing novel solutions to tough problems, [which are] later adopted by law enforcement. Much of our anti-financial crime policy is effectively a response to bad actors exploiting systems or using technology in novel ways to perpetrate crimes. In this scenario, I think an ‘AI arms race’ between enforcement authorities and bad actors is the most likely outcome.”

Gogia added, “the baddies are not teaching enterprises how to invent AI. They are teaching enterprises where trust is leaking. That is the lesson worth taking seriously.”

This article originally appeared on CIO.com.
