Whitepaper · CTO · AI Platform Teams

Governing Agentic AI Spend

Multi-agent systems break every cost assumption built for single-call APIs. How to simulate, attribute, and diagnose spend across a tool-calling workflow.

13 min read·~3,100 words·Synthesizes 4 guides

Executive summary

A single-call LLM API has a cost model simple enough to reason about by eye: one request, one price. An agentic workflow — a plan, a set of tool calls, a possible sub-agent handoff, a possible retry — breaks that model in four specific ways: rollout cost doesn't scale linearly with headcount, a flat per-run total hides which tool actually drove the spend, a stuck agent looks identical to a legitimately retrying one if you only count failures, and a slow-moving anomaly detector misses a burst that finishes before the next check runs. This report covers all four, and the governance layer that closes them together.

90/60/30

day cost projection window from real pilot usage data

3

MCP/A2A headers: server, parent run, agent handoff

2 vs 5

retry threshold: deterministic failures vs. retryable ones

2.5σ

deviation threshold for a time-of-day-aware spend anomaly

I. Why agentic systems break every cost assumption

A traditional feature rollout scales roughly with headcount. An agentic workflow breaks that in two directions at once: a single user action can trigger many API calls under the hood as an agent plans, calls a tool, evaluates the result, and iterates — a multiplier invisible from the outside — and adoption of an agentic tool tends to grow non-linearly after rollout as people fold it into daily use, rather than scaling proportionally with the number of new users. Cost governance built for “one call, one price” has no answer for either dynamic, which is why agentic systems need their own governance layer rather than a scaled-up version of single-call budgeting.

II. Projecting cost before rollout

The most expensive mistake in agentic adoption isn't a bug — it's finding out what a company-wide rollout costs by actually doing the rollout. The well-documented failure pattern: a large company gives thousands of engineers access to an agentic coding tool without simulating cost at scale first, and exhausts a full year's AI budget within months. Nobody made an obviously bad call at any individual step; the tool worked well in the pilot, and the budget conversation happened after the invoice instead of before it.

The fix is projecting cost from real pilot data before full deployment: actual calls-per-action and actual token consumption from a smaller group, scaled by a configurable multiplier and growth curve into a 30/60/90-day projection with a recommended budget ceiling attached — catching a rollout that doesn't scale affordably during planning, while scope and tiering can still be adjusted, instead of during the second month of full usage.

→ Full mechanism, including how the scale multiplier and growth curve are applied: Agentic Cost Simulation

III. Attributing cost across the workflow

“My agent cost $180 yesterday, no idea which tool call drove it” is the most common complaint once a workflow is live. A total run cost is visible; which MCP tool server, which step, or which agent-to-agent handoff actually generated it is not, without attribution built specifically for agent workflows. Three headers close that gap: a server identifier on every tool call, a shared run ID tying every step back to its orchestrating execution, and a handoff flag marking calls where one agent invokes a sub-agent.

research-agent$0.21 · 214 tokensweb-search (MCP)$0.42 · 890 tokensdocument-reader (MCP)$0.06 · 312 tokenssynthesis (handoff)

A workflow tree resolves one flat run total into cost per step, per tool, and per handoff — this is illustrative of the mechanism, not a specific customer's reported run.

→ Full mechanism, including Python and TypeScript integration examples: Attributing Cost Across an MCP Tool Call and a Multi-Agent Handoff

IV. Diagnosing a stuck loop before it counts against a limit

A loop breaker that halts an agent after N identical failures sounds complete but treats a rate limit and a malformed argument as the same event, when they are not — one resolves itself if you wait, the other never does. The question that matters isn't “did this call fail” but “does retrying have any realistic chance of succeeding, or will it fail identically forever.” A deterministic failure — a validation error, a malformed tool argument — deserves a short leash, halting after two repeats. A retryable failure — a timeout, a rate limit — deserves more room, since providers recover and rate-limit windows reset.

Counting both the same way produces two failure modes at once: a run recovering from a provider's rough five minutes gets killed mid-recovery, while a run stuck sending the same broken payload burns extra turns it never needed to. Classifying the failure before counting it — not counting failures generically — is what makes the stop condition trustworthy.

→ Full mechanism, including the middle “unknown” category and its own threshold: Retryable vs. Deterministic Errors

V. Root-causing an anomaly, not just flagging one

“Spend is up” only starts an investigation. A useful alert compares against a baseline that already accounts for normal time-of-day and day-of-week variation — a rolling baseline built from the past 14 days, segmented so a Monday 9am reading is compared against other Monday 9am readings, not a global average that would flatten away the pattern that makes a flat threshold noisy in the first place. A deviation beyond roughly 2.5 standard deviations from that specific baseline triggers the alert, with a plain-English hypothesis attached — “likely eval harness left running” — instead of a bare number.

Five recognizable patterns cover most real anomalies: a spend spike, a call-frequency spike (often a retry loop or polling pattern), a new untagged feature reaching production, an unnoticed model change, or a budget projected to run out before the cycle ends. Matching the anomaly's shape to one of these patterns turns a multi-hour investigation into a five-minute confirmation.

→ Full mechanism, including all five anomaly types and the investigation workflow: Anomaly Detection for AI Spend

VI. Agentic governance, end to end

Simulation sets an honest ceiling before a rollout begins. Attribution shows which tool or handoff is driving cost once it's live. Failure classification stops a genuinely stuck agent without punishing one that's legitimately recovering. Root-cause anomaly detection catches the pattern neither of the others is built to see. None of the four is a substitute for the others — together, they're what “governing agentic spend” actually means, as opposed to applying single-call budgeting to a system that was never built like a single call.

Govern your own agentic workflows

10-day free trial, no credit card required. Simulation, MCP attribution, failure classification, and root-cause anomalies, from your first agent run.

Start free trial →