The AI Control Problem

The $500 Billion Question: Why Governance Is the Only AI Moat Left Standing

TV
Thiago Victorino
10 min read
The $500 Billion Question: Why Governance Is the Only AI Moat Left Standing

The hyperscalers spent approximately $443 billion in capital expenditure in 2025, with roughly 65-75% directed at AI infrastructure. Sequoia Capital estimates those investments need $600 billion in annual AI revenue to return a modest 10%. Current AI revenue sits well below that number.

At the same time, S&P Global surveyed 1,006 companies and found that 42% had abandoned AI initiatives in 2025, up from 17% the prior year. IBM’s study of 2,000 CEOs found that 64% adopted AI before determining whether it would produce measurable benefit. The primary motivation was fear of falling behind.

These two data points define the current moment. The industry is simultaneously spending at unprecedented scale and failing at unprecedented rates. The question is not whether AI works. It is whether the economics of AI deployment work for any organization that lacks the governance infrastructure to make them work.

The 10:1 Ratio

Sequoia’s David Cahn has been tracking this for over a year. His updated analysis puts the number starkly: AI infrastructure investment outpaces AI revenue by roughly 10:1. The $600 billion revenue threshold he identifies is not a prediction of failure. It is the minimum required to justify current spending at a 10% return.

For context, AI captured 61% of global venture capital in 2025: $258.7 billion of $427.1 billion, according to the OECD. This is not a sector. It is the economy’s center of gravity.

The revenue will likely grow. Token costs have dropped 50-200x for equivalent capability over the past two years. Cheaper inference means more usage, which means more revenue. History offers precedent: the internet had a massive spend-to-revenue imbalance in 1999 that eventually corrected. Cloud computing followed a similar arc.

But “eventually” is doing a lot of work in that sentence. The internet correction took a decade and wiped out most of the companies that made the initial investments. The survivors were not the ones who spent the most. They were the ones who built operational discipline around what they spent.

Traditional Moats Are Dissolving

Hamilton Helmer’s 7 Powers framework identifies seven sources of durable competitive advantage: scale economies, network effects, counter-positioning, switching costs, branding, cornered resource, and process power.

Agentic AI is eroding most of them simultaneously.

Switching costs collapse when an AI agent can migrate your data, replicate your workflows, and integrate with your new vendor in hours instead of months. The lock-in that enterprise SaaS depended on for two decades is becoming a negotiating position, not a structural barrier. As we explored in The $3 Trillion Stress Test, this dynamic is already affecting SaaS renewal conversations.

Scale economies invert when CB Insights reports that 78% of newly launched AI startups are API wrappers around foundation models. Building on someone else’s scale is trivial. The marginal cost of creating a competitive product has collapsed.

Brand matters less when the buyer is an AI procurement agent evaluating options against a rubric rather than a human influenced by reputation and relationship. Microsoft reports that 80% of Fortune 500 companies are now using active AI agents. Those agents don’t have brand loyalty.

Network effects weaken when agents can operate across platforms without human friction. The “everyone I know uses Slack” moat meant something when switching required retraining 500 people. It means less when an agent bridges platforms invisibly.

What Helmer’s framework doesn’t account for is a scenario where all seven powers degrade simultaneously for an entire category. That is the scenario unfolding in enterprise software.

Shadow Development Is the New Shadow IT

Shadow IT was a nuisance. An employee signs up for Dropbox because the approved file-sharing tool is slow. IT discovers it six months later. The risk is data sprawl and licensing compliance.

Shadow development is something different. Sixty percent of employees now use unapproved AI tools, according to multiple enterprise surveys. Only 37% of organizations have governance policies for AI use. But the nature of what employees are doing has changed. They are not just using unauthorized tools. They are building unauthorized systems.

A marketing manager builds an agent workflow that scrapes competitor pricing and updates a dashboard. A finance analyst creates a chain of prompts that generates quarterly forecasts from raw data. A product manager deploys an agent that triages customer feedback and routes it to engineering tickets.

None of these went through architecture review. None have error handling beyond the defaults. None have audit trails. None were stress-tested against edge cases. And none can be easily discovered, because they live in personal accounts on platforms the organization doesn’t monitor.

As we argued in The Mythical Agent-Month, the bottleneck was never generating artifacts. It was governing them. Shadow development makes that argument urgent. The governance deficit is no longer hypothetical. It is accumulating daily, in every department, at every company where employees have access to AI tools and no framework for using them responsibly.

The Bifurcation Thesis

Here is the strategic hypothesis. It is not proven. It is directional, and it carries the author’s commercial bias. But the evidence is accumulating.

Companies are splitting into two categories based on a single variable: whether they built governance artifacts before or after scaling AI.

Governance artifacts are specific and measurable. Cost attribution per AI workload. ROI measurement tied to business outcomes rather than activity metrics. Compliance controls that can answer an auditor’s questions. Usage policies that employees actually follow because they were designed with employees, not imposed on them.

Companies with these artifacts can answer three questions: What are we spending on AI? What are we getting for it? Can we prove it to regulators?

Companies without them cannot. And the 42% abandonment rate from S&P Global’s survey correlates strongly with that inability. You cannot sustain executive support for a program you cannot measure. You cannot defend a program to a board you cannot audit. You cannot retain talent on a program where the tools they built last quarter were deprecated because nobody tracked what they did.

The widely cited MIT study suggested roughly 95% of enterprise AI initiatives showed no measurable P&L return. That number deserves a caveat: it was based on 52 qualitative interviews, not a broad statistical sample. But even the directional finding aligns with what IBM’s 2,000-CEO study shows. Adoption outran governance. The correction is expensive.

Why Cheaper Tokens Make Governance More Valuable

This is the counterintuitive mechanism that most analyses miss.

Token costs have fallen dramatically. A task that cost $10 in API fees eighteen months ago might cost pennies today. The instinctive response is that cheaper tokens reduce the stakes. If inference is nearly free, governance overhead seems like unnecessary friction.

The Jevons Paradox says otherwise. William Stanley Jevons observed in 1865 that as coal-burning engines became more efficient, total coal consumption increased because cheaper energy made more applications economically viable. The efficiency didn’t reduce usage. It expanded it.

The same mechanism applies to AI tokens. Cheaper inference means more use cases become viable. More use cases mean more agent deployments. More deployments mean more surface area for error, compliance exposure, and untracked spending. The governance burden grows faster than the cost savings.

A fair counterargument: if cheaper tokens drive more usage, the revenue side of the 10:1 ratio improves too. The spend-to-revenue imbalance might self-correct as adoption scales. This is possible. It is also what internet investors believed in 2000. The correction happened, but it took years and left most early investors with nothing.

The difference between the internet cycle and the AI cycle is speed. Infrastructure cycles used to play out over decades. This one is moving in quarters. Organizations that wait for the market to self-correct may not have the runway to survive the correction period.

Compliance Software as the Resilient Category

While the broader SaaS market lost approximately $2 trillion in market capitalization during the AI-driven repricing of early 2026, one category held: compliance and governance infrastructure.

The logic is structural. When every other software category faces replacement by AI-built alternatives, the category that governs those alternatives becomes more necessary, not less. You can replace your CRM with an agent-built alternative. You cannot replace the compliance framework that ensures that alternative handles customer data legally.

This is where the moat argument lands. If traditional software moats (switching costs, brand, network effects) are collapsing under agentic pressure, the surviving moat is the one that agents themselves cannot replicate: institutional governance that requires organizational context, regulatory knowledge, and cross-functional accountability.

Agents are extraordinary at generating code, content, and analysis. They are structurally unable to generate the organizational judgment about when and how to deploy themselves. That judgment is governance. And it is the last defensible position.

What This Means for the Next Twelve Months

The 10:1 spend-to-revenue ratio will narrow. It always does in infrastructure cycles. The question is how much organizational damage occurs before it does, and which companies emerge with their AI investments producing returns.

Three predictions, stated as hypotheses rather than certainties:

The abandonment rate will peak before it improves. The S&P Global survey showing 42% abandonment reflects organizations that invested without governance infrastructure. The next wave of adopters will benefit from cheaper tokens and better tooling, but only if they build the measurement and compliance layer first.

Governance will become a procurement requirement. Enterprise buyers are already asking vendors about AI governance practices. Within twelve months, governance artifacts (audit trails, cost attribution, compliance documentation) will be table stakes for enterprise AI procurement, the way SOC 2 compliance became table stakes for cloud vendors.

The shadow development crisis will produce the next major corporate AI incident. An employee-built agent workflow will cause a data breach, a compliance violation, or a material financial error at a publicly traded company. The aftermath will accelerate governance adoption industry-wide, the way Equifax accelerated data security governance.

The $500 billion question is not whether AI justifies the investment. Over a long enough timeline, it probably does. The question is whether your organization has the governance infrastructure to survive the timeline between investment and return.

That infrastructure is the moat. Not the model. Not the data. Not the brand. The boring, measurable, auditable ability to know what your AI is doing, what it costs, and whether it is working.

Everything else is a demo.

This analysis synthesizes S&P Global’s 2025 AI Survey (January 2026), IBM’s 2025 CEO Study (2025), Sequoia Capital’s “AI’s $600B Question” (September 2024, updated 2025), OECD Venture Capital Trends (2025), and Hamilton Helmer’s 7 Powers framework.

Victorino Group helps organizations build the governance infrastructure that separates AI investment from AI waste. Let’s talk.

Part of The Thinking Wire, published by Victorino Group.

If this resonates, let's talk

We help companies implement AI without losing control.

Schedule a Conversation