Who Really Pays When AI Agents Run Wild? Incentives, Identity, and the Hidden Bill
“Google recently gave us something we’ve been waiting on for years: hard numbers on how much energy an AI prompt uses.”
According to their report, the median Gemini prompt consumes just 0.24 watt-hours of electricity — roughly running a microwave for a second — along with a few drops of water for cooling.
On its face, that sounds almost negligible. But the real story isn’t the number itself. It’s about incentives: who benefits, who pays, and how those dynamics shape how we deploy AI.
A history lesson from the cloud
To understand how incentives can blindside us, let’s revisit the cloud computing boom. You remember that, right? “Save all the money! Get rid of your datacenter! Cloud computing ftw!”
In 2021, Sarah Wang and Martin Casado of Andreessen Horowitz published “The Cost of Cloud: A Trillion-Dollar Paradox.” They showed how cloud services, while indispensable for speed and agility, became a drag on profitability at scale. Dropbox famously repatriated workloads back from public cloud and saved $75 million over two years — a shift that doubled their gross margins from 33% to 67%. CrowdStrike and Zscaler adopted hybrid approaches for similar reasons.
The takeaway: Early incentives reward adoption. But when the bills grow large enough, cost discipline suddenly becomes a board-level issue. By then, inefficiency is already baked into operations.
AI energy use is following the same arc. Vendors and enterprises alike are celebrating adoption, but the hidden costs are waiting to surface.
The incentives for vendors
AI vendors want mass adoption, and their incentives reflect that. They’ll emphasize efficiency gains — like Gemini’s 33-fold reduction in energy per query from 2024 to 2025, according to their recent report — but those are selective disclosures.
As the MIT Tech Review story “In a first, Google has released data on how much energy an AI prompt uses” pointed out, disclosures become marketing tools without standardized metrics. Vendors reveal what flatters them, not necessarily what helps customers make better choices.
And the race to ship bigger, more capable models only deepens this misalignment. Scale brings revenue. The energy, water, and carbon costs? Those are someone else’s problem.
The incentives for enterprises
Enterprises often don’t see the full picture either. A cloud invoice hides the per-prompt costs. IAM and security teams grant permissions to agents, but they don’t own the sustainability budget. Sustainability teams, meanwhile, don’t have visibility into permissions and entitlements.
The result: over-provisioning goes unnoticed. AI agents are allowed to “just run,” and every permissioned action quietly consumes resources. Those costs add up, but they land in someone else’s ledger, often long after the decisions were made.
This is the same organizational mismatch cloud adoption created: IT ops pays the bill, developers get the flexibility, and the CFO finds out later. AI is just the next chapter.
Incentives and regulation
Here’s where things start to change. Environmental, Social, and Governance (ESG) reporting isn’t optional anymore; regulators are giving incentives real teeth.
- United States: The SEC’s new climate disclosure rule requires large public companies to report greenhouse gas emissions. Failure to comply has already resulted in multimillion-dollar fines for ESG misstatements, like Deutsche Bank’s $19M settlement.
- Europe: The EU’s Corporate Sustainability Reporting Directive (CSRD) sets steep penalties. In Germany, fines can reach €10 million or 5% of turnover. In France, executives risk prison time for obstructing disclosures.
- Australia: Directors must certify sustainability data as part of financial filings. Failure to comply can trigger civil penalties in the hundreds of millions, with individuals personally liable for up to AUD 1.565 million.
None of this is about fearmongering. (OK, maybe it’s a little bit of fearmongering in the hope of catching your attention.) It’s also a reality. Boards are now directly accountable for climate and resource disclosures. AI usage may feel “small” at the per-prompt level, but at enterprise scale, it becomes part of that regulatory picture.
Where identity comes in
So where does identity fit?
Every AI-agent action isn’t just a governance event; it’s also a consumption event. Permissions are no longer just about who can do what. They’re also about what we’re willing to pay, financially and environmentally, for them to do it.
Standing access matters here, too. A human user with unused entitlements is a risk; an AI with broad entitlements is a resource leak. It will happily keep churning until someone tells it to stop — and by then the costs have already piled up.
Imagine if your audit logs evolved to show not just “who accessed what,” but “how much energy and water those actions consumed.” It sounds futuristic, but sustainability reporting is heading in that direction. IAM teams may find themselves pulled into ESG conversations whether they want to be or not.
Runtime governance as sustainability
Earlier, I argued that runtime governance is essential when AIs can act faster than human oversight cycles. Here’s the sustainability angle: runtime checks can throttle not just security risks, but waste.
- Deny agents the ability to hammer a system with brute-force permutations.
- Flag actions that consume far more resources than typical queries.
- Revoke unnecessary entitlements before they become both a risk and an expense.
Governance is shifting from “is this allowed?” to “is this worth it?”
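The three checks above can share one runtime gate. The sketch below is an added example, not code from this post or from any product; `ConsumptionGate`, its thresholds, and the per-action watt-hour estimate passed in by the caller are all hypothetical assumptions.

```python
from collections import defaultdict, deque
from statistics import median


class ConsumptionGate:
    """Runtime check that treats every agent action as a consumption event."""

    def __init__(self, max_calls, window_s, cost_factor, idle_s, min_samples=3):
        self.max_calls, self.window_s = max_calls, window_s
        self.cost_factor, self.idle_s = cost_factor, idle_s
        self.min_samples = min_samples
        self.calls = defaultdict(deque)  # agent -> timestamps of allowed calls
        self.costs = []                  # estimated Wh of every allowed action
        self.last_used = {}              # (agent, entitlement) -> last use time

    def grant(self, agent, entitlement, now):
        self.last_used[(agent, entitlement)] = now

    def check(self, agent, entitlement, est_wh, now):
        if (agent, entitlement) not in self.last_used:
            return "deny:not_entitled"
        recent = self.calls[agent]
        while recent and now - recent[0] >= self.window_s:
            recent.popleft()             # forget calls outside the window
        if len(recent) >= self.max_calls:
            return "deny:rate"           # agent is hammering the system
        recent.append(now)
        self.last_used[(agent, entitlement)] = now
        # Baseline is the median of earlier actions, once there are enough.
        enough = len(self.costs) >= self.min_samples
        baseline = median(self.costs) if enough else None
        self.costs.append(est_wh)
        if baseline is not None and est_wh > self.cost_factor * baseline:
            return "allow:flag_high_cost"
        return "allow"

    def stale_entitlements(self, now):
        """Grants unused for idle_s seconds: candidates for revocation."""
        return sorted(k for k, t in self.last_used.items()
                      if now - t >= self.idle_s)


def demo():
    # Constructed sample: 0.24 Wh is the page's median-prompt figure.
    gate = ConsumptionGate(max_calls=3, window_s=60, cost_factor=10, idle_s=3600)
    gate.grant("agent-a", "search", now=0)
    gate.grant("agent-a", "export", now=0)
    burst = [gate.check("agent-a", "search", 0.24, now=t) for t in (1, 2, 3, 4)]
    heavy = gate.check("agent-a", "search", 5.0, now=100)
    return burst, heavy, gate.stale_entitlements(now=3600)
```

Each decision string can be written to the audit log next to the estimate, so the same record answers both "who accessed what" and "what did it cost."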
Bridging past lessons with today’s challenges
The hidden costs of the cloud were supposed to teach us that efficiency ignored eventually becomes inefficiency entrenched. I’m not convinced people and organizations have learned that lesson, but regardless, AI is repeating that story, with energy, water, and carbon as the currencies.
Like cloud spend, AI resource usage may start small, but it scales faster than oversight cycles. And when regulations demand transparency, boards will want answers.
Identity leaders are uniquely positioned here. Permissions are the gate between an agent’s intent and its actions. Expanding the governance lens to include consumption could help organizations stay ahead of both the bills and the regulators.
Putting it together
So let’s put this together:
- Vendors are incentivized by adoption and scale, not efficiency.
- Enterprises have silos that hide true costs.
- Regulators are introducing real penalties for climate and resource misstatements.
- Identity teams are sitting at the chokepoint, granting permissions that double as consumption choices.
The shift isn’t about turning identity professionals into sustainability officers. It’s about recognizing that incentives travel with permissions. And when permissions scale through AI, the hidden costs travel with them.
So here’s my question for you: have you seen incentives around AI use in your organization, good or bad? And if so, how did those incentives shape the choices your teams made?
Because incentives aren’t just a policy issue or a compliance box. They’re the difference between governance you can explain to your board and governance you only notice when the bill or the fine arrives.
Transcript
[00:00:29] Hi everyone, and welcome back to A Digital Identity Digest. I’m Heather Flanagan, and today we’re going to talk about something that’s only just starting to make the headlines: what happens when AI agents run wild—and who actually ends up footing the bill.
Spoiler alert: it’s probably not the vendors themselves, and it’s probably not who you think inside your own organizations either.
[00:00:53] In this episode, we’ll explore:
- The incentives driving AI adoption
- The role of identity in hidden costs
- The growing regulatory landscape around sustainability
Setting the Stage
[00:01:04] What inspired today’s conversation is a recent Google report that finally revealed some long-awaited data: how much energy a single AI prompt consumes.
[00:01:20] Their findings? The median Gemini prompt uses about 0.24 watt hours of electricity.
[00:01:28] To put it in perspective:
- That’s like running your microwave for one second, plus a few drops of water for cooling.
- At first glance, it seems tiny. But at scale, millions of these “drops in the ocean” can eventually flood entire continents.
[00:01:46] The real story isn’t about that single number. Instead, it’s about the incentives behind those numbers—who benefits, who pays, and how those dynamics shape AI deployment.
Lessons from the Cloud
[00:01:57] To understand today’s AI landscape, let’s rewind to the early days of cloud computing. Remember the pitch? “Save money, get rid of your data center—cloud computing for the win.”
[00:02:20] But by 2021, Sarah Wang and Martin Casado at Andreessen Horowitz highlighted the Trillion Dollar Paradox:
- Cloud was amazing for speed and agility.
- Yet at scale, it dragged on profitability.
[00:02:30] Dropbox learned this firsthand, repatriating workloads from the public cloud and saving $75 million over two years—doubling their margins in the process.
[00:02:51] The key lesson? Early incentives reward adoption. But once costs balloon, discipline becomes a board-level issue.
[00:03:10] AI is following the same arc. We’re in the “woohoo adoption” phase now, but hidden costs are waiting to catch up.
Vendor Incentives
[00:03:24] Let’s start with the incentives for LLM vendors. These are crystal clear: encourage mass adoption.
[00:03:33] Vendors emphasize efficiency gains. Google bragged about a 33-fold reduction in energy per query between 2024 and 2025.
[00:03:43] Sounds impressive. But disclosures are:
- Not standardized
- Highly selective
- Designed to flatter the vendor, not inform customers
[00:03:53] Meanwhile, the race for bigger, flashier, more capable models continues. The revenue comes in, but the energy, water, and carbon costs are left as someone else’s problem.
Enterprise Incentives
[00:04:09] For enterprises, the picture is murkier. Why? Because:
- Cloud invoices hide the per prompt cost.
- IAM and security teams grant permissions but don’t own the sustainability budget.
- Sustainability teams lack visibility into entitlements.
[00:04:34] The result?
- Over-provisioning goes unnoticed.
- AI agents run unchecked.
- Bills land on someone’s desk long after the fact—often someone who had no say in granting permissions.
[00:04:58] This is déjà vu from the cloud era. Ops pays the bill, developers enjoy flexibility, and the CFO discovers the hit too late.
Regulators Enter the Chat
[00:05:03] Unlike the early cloud days, regulators are already watching. ESG (Environmental, Social, and Governance) reporting is now mandatory in many regions.
[00:05:15] Examples include:
- United States: SEC Climate Disclosure Rule, with fines already issued (e.g., Deutsche Bank’s $19M settlement).
- Europe: Corporate Sustainability Reporting Directive (CSRD), with penalties up to €10 million or 5% of turnover.
- France: Executives can face prison time for obstructing disclosures.
- Australia: Civil penalties can reach hundreds of millions, with directors personally liable.
[00:06:20] This isn’t fearmongering—it’s reality. Boards are accountable, and one AI prompt may seem trivial, but multiplied across millions of queries, it becomes a regulatory reporting item.
Where Identity Comes In
[00:06:38] Every AI agent action is more than a governance event—it’s also a consumption event.
- Permissions = not just who can do what, but what we’re willing to pay financially and environmentally.
- An unused human entitlement is a risk. An AI with broad entitlements is a resource leak that runs until stopped.
[00:07:15] Imagine if audit logs didn’t just say who accessed what, but also recorded how much energy and water were consumed.
[00:07:24] That may sound futuristic, but sustainability reporting is moving that way. IAM teams could soon be pulled into ESG discussions—whether they feel it’s their role or not.
Governance Shifts
[00:07:37] Governance isn’t just about security anymore. With AI, it’s about balancing risk and resource consumption.
- Runtime checks can throttle wasteful AI actions.
- Agents can be denied brute-force or high-cost queries.
- Entitlements can be revoked before they pile up into risks—or expenses.
[00:08:07] Governance now asks not only “Is this allowed?” but also “Is this worth it?”
History Repeats Itself
[00:08:14] Cloud should have taught us that ignored inefficiency becomes entrenched inefficiency. Once it’s embedded in infrastructure, it’s painfully hard to extract.
[00:08:38] AI is repeating that story—with water, energy, and carbon as the new currencies.
[00:08:54] When regulators demand transparency, boards will expect clear, defensible answers. And that’s where identity leaders can step up.
[00:09:01] Permissions sit at the choke point between agent intent and agent action. Expanding governance to include consumption metrics gives organizations a head start on both the bills and regulatory scrutiny.
Bringing It All Together
[00:09:16] To recap:
- Vendors chase adoption and scale, not efficiency.
- Enterprises operate in silos that hide true costs.
- Regulators are introducing significant penalties for ESG misstatements.
- Identity teams control permissions, which now double as consumption risks.
[00:09:41] IAM professionals don’t need to become sustainability officers. But they must recognize that incentives travel with permissions—and when AI scales, costs scale too.
[00:09:57] So here’s the key question:
Have you seen incentives around AI use in your organization—good or bad? And how are those incentives shaping your team’s decisions?
Because incentives aren’t just about compliance checkboxes. They’re the difference between proactive governance you can explain to your board and reactive governance you only notice when the bill—or the fine—lands on your desk.
Closing Thoughts
[00:10:23] That’s it for this episode of A Digital Identity Digest. If you found it useful, subscribe to the podcast or visit the written blog at sphericalcowconsulting.com for reference links.
[00:10:45] If this episode brought clarity—or at least sparked curiosity—share it with a colleague and connect with me on LinkedIn at lflanagan. Don’t forget to subscribe and leave a review on Apple Podcasts or wherever you listen.
Stay curious, stay engaged, and let’s keep these conversations going.
