The Cost Trap: How AI Pricing Pressure Is Pushing the DIB Toward Risk
The economics of AI changed fast. The security implications of that change have not kept pace.
Per-token costs have fallen roughly 75 percent year-over-year according to enterprise spending data from Ramp. Epoch AI research puts the decline closer to 200x annually when accounting for both pricing and efficiency gains. The unit price of intelligence dropped faster than almost anyone predicted. Organizations spent more anyway. Enterprise AI spend averaged $1.2 million per company in 2025, more than double the prior year, according to Zylo’s 2026 SaaS Management Index. Nearly 80 percent of IT leaders reported unexpected charges tied to consumption-based pricing. The bill went up because consumption went up. Cheaper tokens meant more tokens.
That dynamic is now colliding with a second pressure: the ceiling on what enterprises will pay is real, and it is being reached. Enterprise OpenAI pricing increased 120% year-over-year according to SpendHound data from actual paying companies. Anthropic changed its pricing model to charge enterprise customers based on usage rather than flat fees, and is applying a new tokenizer to its latest models that observers say is pushing costs higher. Monthly API costs per engineer now range from $500 to $2,000 at some organizations. Gartner projects enterprise AI spending to reach $6.3 trillion by 2030, and finance teams are noticing.
When proprietary model costs reach a threshold the organization cannot justify, or afford, procurement teams start looking elsewhere. The alternative they find is open-weight models, and the cost gap is significant. Analysis cited by Swfte AI found open-source alternatives achieve 80% of proprietary model capability at 86% lower cost. Gartner forecasts more than 60% of businesses will adopt open-source models for at least one application. By early 2026, the performance gap between open-weight and proprietary models had narrowed from 20 to 30 percentage points in 2023 to roughly 5 to 10 points on most evaluations, according to research cited by Let’s Data Science.
The efficiency case is straightforward. The security case is not.
Chinese open-weight models sit at the center of that problem. DeepSeek downloads rose nearly 1,000 percent following the R1 release in January 2025, according to the Government’s AI Safety Institute. The cost argument can’t be ignored: GPT-4-equivalent performance that cost $20 per million tokens in late 2022 costs approximately $0.40 per million tokens in early 2026, and Chinese labs are pricing below that. A cost-constrained engineering team, working under budget pressure and looking for a capable model it can self-host, does not always stop to ask whether it is allowed to, or to consider what the supply chain behind the model looks like.
The Booz Allen Hamilton “What’s in America’s Code?” report, published in May 2026, documented a 131 percent vulnerability spike in Qwen3 under government-specific evaluation conditions. That is not a benchmark artifact. That is a signal about what happens when a Chinese model is embedded inside a system that handles sensitive data. The mechanism is cost-driven adoption at the team level, followed by a security consideration that surfaces only after the technology is in production.
The problem is not limited to the defense sector. Open-weight models are entering development environments, coding pipelines, and enterprise workflows across the economy. But the stakes are highest where the data is most sensitive and the regulatory floor is already defined. For companies in the Defense Industrial Base, that floor is CMMC.
CMMC Level 2 requires 110 security practices derived from NIST SP 800-171. It applies to any contractor handling Controlled Unclassified Information. The framework does not currently contain AI-specific controls, but that is changing. Section 1513 of the FY2026 National Defense Authorization Act directs the Department of Defense to develop a cybersecurity framework for AI and machine learning systems and to incorporate that framework into both DFARS and CMMC. The legislation defines covered AI/ML broadly: source code, model weights, training data, algorithms, and the software used to evaluate whether the AI system is trustworthy. If a contractor develops, deploys, stores, or hosts any of that for the Department of War, they are a covered entity.
CMMC began with a provision in the FY2020 NDAA and took years to finalize. Many contractors found themselves unprepared when it came into effect. The pattern is repeating. Section 1513 does not include an implementation deadline for the full framework, but it directs DoW to submit a status update to Congress by June 16, 2026. The assessment framework is due by June 2027. The window between now and formal enforcement is not a period to delay. It is a period to audit.
Third-party assessors will ask about AI tools during CMMC evaluations. The most common finding related to AI tools is already documented: undocumented usage, where employees use AI services for tasks that touch CUI without the organization’s knowledge or policy coverage, according to OSI Beyond’s analysis of current assessment findings. That exposure exists whether the organization chose to create it or not.
Cost pressure is real. The case for open-weight models is real. The security risk attached to specific model families is also real. DIB companies working through AI adoption decisions right now need to treat those three facts together, not separately.
Cheaper tokens do not mean safer tokens. That distinction is going to matter when the assessor arrives.
References
Bersin, J. (2026, May). AI prices are going up, up, up: And what this means for enterprise AI. Josh Bersin. https://joshbersin.com/2026/05/ai-prices-are-going-up-up-up-and-what-this-means-for-enterprise-ai/
Booz Allen Hamilton. (2026, May). What’s in America’s code? AI model vulnerability analysis. Booz Allen Hamilton.
Congress.gov. (2026, April 7). Cyber and artificial intelligence provisions in the FY2026 NDAA (CRS IF13197). https://www.congress.gov/crs-product/IF13197
Crowell & Moring. (2026, January 7). CMMC for AI? Defense policy law imposes AI security framework and requirements on contractors. https://www.crowell.com/en/insights/client-alerts/cmmc-for-ai-defense-policy-law-imposes-ai-security-framework-and-requirements-on-contractors
Crowell & Moring. (2025, December 23). The FY2026 National Defense Authorization Act. https://www.crowell.com/en/insights/client-alerts/the-fy-2026-national-defense-authorization-act
Epoch AI. (2026). AI inference cost trends [Research dataset]. Epoch AI. https://epochai.org
Freshfields. (2026). AI supply chain and security: Congress mandates strict controls for AI acquired by U.S. defense agencies and intelligence community. https://blog.freshfields.us/post/102lzgo/ai-supply-chain-and-security-congress-mandates-strict-controls-for-ai-acquired-b
Let’s Data Science. (2026, March 27). Open source vs closed LLMs: The 2026 decision framework. https://letsdatascience.com/blog/open-source-vs-closed-llms-choosing-the-right-model-in-2026
OSI Beyond. (2026, April 8). CMMC is getting an AI upgrade: What defense contractors need to know. https://cmmc.osibeyond.com/cmmc-resources/cmmc-is-getting-an-ai-upgrade-what-defense-contractors-need-to-know
Ramp. (2026). Enterprise AI spending data 2025–2026 [Proprietary dataset]. Ramp.
SpendHound. (2026). OpenAI pricing 2026: See what 851 companies pay. https://www.spendhound.com/marketplace/openai-pricing
Swfte AI. (2026). Open source LLMs: How enterprises save 86% on AI costs in 2026. https://www.swfte.com/blog/open-source-llm-cost-savings-guide
WilmerHale. (2025, December 19). What the NDAA means for AI and cybersecurity. https://www.wilmerhale.com/en/insights/client-alerts/20251219-what-the-ndaa-means-for-ai-and-cybersecurity
Zylo. (2026). 2026 SaaS management index [Industry report]. Zylo. https://zylo.com/resources/saas-management-index/