Reaction: Krebs on AI Token Costs — The Defense Sector Is About to Learn This Lesson the Hard Way
OFFSET Reaction | 02 June 2026
In response to a post by Brian Krebs (cybersecurity journalist, KrebsOnSecurity) on LinkedIn, 01 June 2026, sharing a Wall Street Journal report on enterprise AI token cost rationing.
Brian Krebs posted a sharp observation yesterday, pairing a viral social media image — “Your player character didn’t die. You just forgot to keep inserting tokens.” — with a Wall Street Journal story documenting what is now a widespread enterprise reality: corporate AI budgets are blowing out, AI platforms are ending their subsidy period, and companies that built their AI strategies around all-you-can-eat pricing are scrambling.
The WSJ’s numbers are striking. Uber exhausted its annual agentic AI budget by March. Enterprises are reporting token costs doubling or tripling. Only 18% of spending on AI coding tokens is translating into shipped products. Meta’s CTO Andrew Bosworth issued an internal memo warning employees that “token usage alone is not a measure of impact of any kind.”
Krebs’ framing is perfect: the player character didn’t die. The game just started charging by the move.
This matters for the defense sector in ways that the enterprise software conversation has not yet fully surfaced.
What the Defense Sector Has Been Doing
Over the past 18 months, the defense AI procurement landscape has been shaped by a specific dynamic: vendors — from the large primes to the venture-backed startups — have been demonstrating AI capabilities in controlled environments, often at subsidized or cost-plus rates, against government customers who have not yet developed the internal capacity to measure what they are actually buying.
The pattern looks like this. A defense agency or combatant command signs an enterprise AI agreement — a blanket purchase agreement, an OTA, a pilot contract. The vendor provides access to a frontier model or a fine-tuned derivative. Users across the organization begin experimenting. Token consumption grows. The vendor, operating on usage-based pricing at the backend, absorbs the cost during the pilot period to build adoption. The government customer reports “increased productivity” and “positive user feedback” in program reviews. The contract is renewed or expanded.
What has not happened, in most cases, is a rigorous accounting of what those tokens actually produced in terms of mission outcomes. The 18% figure from EntelligenceAI — only 18 cents of shipped product for every dollar of AI coding token spend — is a commercial software benchmark. There is no equivalent published figure for defense AI use cases. That absence is not reassuring.
The Subsidy Period Is Ending for Defense Too
The WSJ story documents a structural shift in the commercial AI market: model providers are moving from subsidized flat-rate pricing to usage-based pricing that reflects actual compute costs. This shift is not confined to commercial enterprise customers. It will propagate through the defense AI vendor ecosystem on a lag, and the lag is shorter than most program offices currently assume.
The mechanism is straightforward. Defense AI vendors — whether they are reselling access to OpenAI, Anthropic, or Google models, or running their own fine-tuned derivatives on leased compute — are themselves subject to the same cost pressures the WSJ is documenting. As their upstream costs rise, they face a choice: absorb the margin compression, pass it through to government customers in the form of higher per-token or per-seat pricing, or restrict usage to stay within contract ceilings.
All three of these outcomes are already occurring in the commercial market. They will occur in the defense market. The question is whether program offices are positioned to manage the transition, or whether they will discover the problem the same way Uber did — by hitting their annual budget in March.
The Deeper Problem: Defense AI Has a KPI Problem
The Krebs post and the WSJ story are ultimately about a measurement failure. Enterprises deployed AI at scale without building the instrumentation to measure what it was producing. When the bill came due, they had no principled basis for deciding which use cases to keep and which to cut, because they had not been tracking outcomes — only consumption.
The defense sector has a version of this problem that is structurally more severe.
In the commercial context, the measurement gap is a business efficiency problem. A company that cannot demonstrate ROI on its AI spend will eventually rationalize its usage, find the high-value use cases, and cut the rest. The feedback loop is financial: costs rise, budgets constrain, managers optimize.
In the defense context, the measurement gap is a mission effectiveness problem. If a combatant command is consuming AI tokens at scale — for intelligence analysis, for targeting support, for logistics optimization, for information operations — and cannot demonstrate that consumption is producing better decisions or better outcomes, the problem is not a budget overrun. It is a capability illusion. The organization believes it has an AI-enabled advantage that it may not actually have.
This is not a hypothetical. The intelligence community has been wrestling with AI-assisted analysis for several years, and the honest assessment from practitioners is that the productivity gains are real but uneven, the error modes are novel and poorly understood, and the institutional capacity to audit AI-generated assessments is lagging the deployment of AI tools that produce them. The same pattern is emerging in targeting, in logistics, and in information operations.
The Permission Problem Nobody Wants to Talk About
The viral image Krebs shared included a line that the LinkedIn comment thread largely ignored: “And then there’s the permission problem nobody wants to talk about. To do its job, the AI agent needs access. Full access. Your systems, your patents, your future plans. Everything you spent years building, handed over to a process that has no loyalty, no discretion, and…”
The post was cut off by the login wall, but the argument is clear. Agentic AI — AI that acts autonomously on behalf of an organization — requires access to the organization’s most sensitive data and systems to be useful. The access grant that makes the AI effective is the same access grant that creates the exposure.
For defense and intelligence organizations, this is not an abstract concern. It is the central unresolved tension in every AI deployment discussion happening right now. The more capable the AI system, the more access it requires. The more access it has, the larger the attack surface, the broader the potential for data exfiltration, and the more significant the consequences of a model failure or adversarial manipulation.
The commercial enterprise is beginning to reckon with this in the context of cost and productivity. The defense sector needs to reckon with it in the context of operational security and adversarial exploitation. Those are harder problems, and the defense AI ecosystem has not yet produced the governance frameworks to address them at the pace of deployment.
What This Means for Defense AI Procurement
The Krebs post is a leading indicator. The commercial AI market is approximately 12 to 18 months ahead of the defense AI market in terms of deployment maturity and the emergence of second-order problems. The token cost crisis, the measurement gap, and the permission problem are all arriving in the commercial sector now. They will arrive in the defense sector on that lag.
Program offices and acquisition professionals should be tracking three specific developments:
Token pricing transparency in defense AI contracts. Most current defense AI contracts do not include explicit token pricing provisions or usage caps. As vendors face upstream cost pressure, the absence of these provisions creates budget exposure that is not currently reflected in program baselines. Contracts being negotiated now should include usage-based pricing terms, consumption monitoring requirements, and renegotiation triggers.
AI outcome measurement frameworks. The 18% shipping rate figure from EntelligenceAI is a commercial benchmark, but the defense sector needs equivalent metrics for its own use cases. What percentage of AI-assisted intelligence assessments are acted upon? What is the error rate on AI-generated targeting recommendations? What is the measurable improvement in decision cycle time from AI-assisted logistics? These numbers do not currently exist in a form that allows program-level accountability. Building them is not optional — it is the precondition for knowing whether the AI spend is producing anything.
Agentic AI access governance. The permission problem Krebs’ shared post identified is arriving in defense AI deployments in the form of agentic systems that require broad data access to function. The governance frameworks for managing this access — what data can an AI agent touch, under what conditions, with what logging and audit requirements — are lagging the deployment of the systems themselves. This gap needs to close before the next generation of agentic defense AI tools reaches operational deployment at scale.
OFFSET Assessment
Brian Krebs is a cybersecurity journalist, not a defense analyst. But the pattern he identified — organizations deploying technology at scale without measuring outcomes, then discovering the cost when the subsidy ends — is one of the most reliable failure modes in technology adoption, and it does not respect sector boundaries.
The defense AI ecosystem is in the subsidy phase. The platforms are still competing for market share, the government customers are still in the experimentation phase, and the measurement infrastructure does not yet exist to distinguish the high-value use cases from the token-burning noise. When the subsidy ends — and it will end, on the same timeline it is ending in the commercial market — the defense sector will face the same reckoning Uber faced in March.
The organizations that will navigate that reckoning well are the ones building the measurement infrastructure now, before the bill arrives. The ones that will not are the ones still counting token consumption as a proxy for AI effectiveness.
Token usage alone is not a measure of impact of any kind. That is true in enterprise software. It is more consequentially true in defense.
Prompted by Brian Krebs’ LinkedIn post, 01 June 2026, sharing a Wall Street Journal report (Bradley Olson, “Corporate America Is Starting to Ration AI as Cost Skyrockets,” WSJ, 28 May 2026). Sources: WSJ/archive.ph; EntelligenceAI data cited in WSJ; Meta CTO Andrew Bosworth internal memo, April 2026.
*AI generated