Across the industry, companies are starting to balk at the price of AI. Uber blew through its entire 2026 AI coding budget by April. Microsoft revoked its developers’ Claude Code licenses months after enabling them. A Priceline employee told TechCrunch that a routine Cursor contract renewal came back 4-5x more expensive.

Even though per-token prices have fallen, the push for more AI adoption and increasingly autonomous agents have driven token consumption higher and higher. Companies that gorged themselves in early 2025 on all-you-can-eat subscriptions are now scrambling to understand where their money is going, pull back spending, and figure out whether they can salvage some ROI from the wreckage of their budgets.

Meanwhile, a market is forming to meet them there. Startups, established vendors, and a new standards body are all racing to give companies the tools and language to track what they spend.

“Six months ago, I would have a conversation with a customer and it would be all about ‘What can it do? Is it good enough?’” Alexander Embiricos, OpenAI’s head of enterprise, told TechCrunch at an event in New York City this week. “Our conversations are never about that now. Now the conversations are about, ‘hey, we’re spending so much. What visibility do you have? What auditability do you have? What token controls do you have? What is the efficiency of your models?’”

It’s against this backdrop that the Linux Foundation this week unveiled plans for the Tokenomics Foundation, a new standards body that aims to instill the same cost discipline around AI tokens that FinOps did for cloud spend.

“In April and May, I started hearing from companies: ‘Oh my god, we are 3x over our entire 2026 token budget and it’s only April,’” J.R. Storment, executive director of the FinOps Foundation, a project under the Linux Foundation, told TechCrunch. “We started hearing existential crises, and the whole conversation shifted from tokenmaxxing and ‘go fast’ to ‘we need guardrails, how do we control this?’”

The cries heard round the tech world followed fervent demands from CEOs pushing their teams to use the best models and move fast, costs be damned. New models released in November like Anthropic’s Claude Opus 4.5, OpenAI’s GPT-5.1, and Google’s Gemini 3 Pro brought significant improvements to agentic tools, which have multiplied consumption. It’s how one company reportedly found itself with a $500 million Claude bill after forgetting to set usage limits for employees. 

“It’s like the crack-cocaine epidemic,” said Chris Reed, senior director of IT finance at Priceline, noting the company had begun placing token limits on certain groups. “They let you try it to get you hooked on it, and now you’re kind of beholden to it.”

Vitaly Gordon, CEO of engineering operations platform Faros AI, said he recently spoke to a CTO who told him: “One of my engineers spent $40,000 on tokens last month, and I genuinely don’t know whether I should stop him or should I go and tell everyone else to be like him.“

A March survey by Faros found that among 20,000 developers, output was rising, but so were bugs and rewrites. Jellyfish, an engineering management platform, similarly found engineers who used the most tokens were about twice as productive than those who used AI less, but they spent 10x the number of tokens to get there.

Nicholas Arcolano, head of research at Jellyfish, told TechCrunch via email that expenditure on AI is exploding in large part due to agentic features, with per-developer consumption rising about 18.6x in nine months. All in all, these stats make the productivity case murkier than the spending suggests.

“Whether extreme spend pays off comes down to the ultimate business value of shipped code (e.g. revenue), which most companies still can’t measure,” Arcolano said.

At least some of that measurement issue is the sheer scale at which AI is being used today.

“Tracking cloud costs is a hundreds-of-millions-of-rows-a-month data problem,” Storment said. “Tracking token costs is a trillions-of-rows-a-month data problem. You can’t just stick that into whatever spreadsheet or even basic tool. You’ve got to fundamentally rethink your tooling, your specs and your accounting systems to do that.”

At Priceline, Reed is already seeing discrepancies. He noted issues between a vendor’s reported usage and Priceline’s internal data.

“I started my career in telecom expense management, and I’m seeing all the same parallels, from telecom to cloud to AI,” he said. “Anytime you introduce something new, it’s ripe for billing errors and audit and optimization opportunities.”

A market is beginning to form around this problem. There are the pure-play companies, like Pay-i, which tracks, measures and optimizes the costs and performance of GenAI investments. Paid, meanwhile, lets developers track costs, measure usage and bill users based on actual value rather than subscription fees.

Then there are companies like Jellyfish, Waydev and Faros AI, which all provide AI agent monitoring to prove the ROI of developer tools. Storment says most of the 180 vendors within the FinOps Foundation are leaning towards this space. 

Companies with existing distribution are also adding new features to capitalize on this new market. Ramp has recently moved into AI spend management; Datadog and New Relic have tacked on services like cloud cost management, token-level observability, and GPU monitoring. At the FinOps X conference next week, AWS is expected to introduce new financial management features geared toward enterprise AI spending.

Tiffany Luck, a partner at NEA, thinks token efficiency and observability will likely be added in at the “harness or app layer.” She pointed to Factory, a startup that makes AI agents for enterprises, which this week launched a model router that automatically picks the right model for every task. 

Gordon expects frontier labs and other model providers to adopt OpenRouter-style optimization to drive queries to the cheapest models — a trend already showing up on enterprise Claude bills. 

“The financial report for how much you spend on Anthropic, even if you call the Opus model, some of the spend will be on Sonnet or Haiku, because they are smart enough to do it,” Gordan said. “I think this will become more and more of a thing.”

But all these tools are being built without a common language or shared definitions for how much a token costs, what it produces, and how to compare spend across vendors. That’s where the Tokenomics Foundation hopes to prove useful.

The Foundation is building a canonical definition and framework for “tokenomics;” open standards, specifications and metrics for AI token usage and billing; as well as new metrics for AI economics, like cost-per-intelligence or tokens-per-watt. It also plans to define metrics across token factory effectiveness and consumption efficiency. The group is planning a formal launch in July, and is about to announce more members at the FinOps X conference next week. 

“Token economics is fundamentally more abstract and opaque than anything we’ve managed at this scale before,” Nishant Gupta, chief availability officer at Salesforce, said in a statement. “It requires a different operational muscle than the one the industry built for cloud.”

That said, Goldman Sachs projects global token usage to multiply by 24 times by 2030. The companies already over budget need solutions now, and the foundation’s first deliverable is still months away.

“Maybe we created a steam engine, but we still haven’t figured out the assembly line,” said Gordon.

According to Arcolano, the smart move is broad, moderate adoption. 

“The best ROI comes from moving the broad middle from low to moderate usage, not pushing heavy users higher,” he said.

Russell Brandom and Tim Fernholz contributed to this reporting.

Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks.

ATG systems are electronic monitoring devices used to remotely track fuel, chemicals, or other liquids in storage tanks, automating inventory control, environmental leak detection, and regulatory compliance. While they’re commonly used at gas stations to monitor fuel tank levels, they can also be found in industrial settings to track chemical storage tanks.

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the Department of Energy, and other U.S. government partners issued a joint advisory warning critical infrastructure organizations to secure internet-exposed ATG systems against ongoing attacks.

The federal agencies warned that threat actors target such devices to alter system settings in command execution attacks after exploiting various security flaws, including hardcoded credentials, authentication bypasses, SQL injection vulnerabilities, OS command execution flaws, and privilege escalation weaknesses.

“The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution,” the joint advisory warned.

As CISA cautioned, following successful compromises, the attackers could disable system alerts, increasing the risk of leaks or equipment failures and even causing permanent damage to the targeted tank systems.

In light of CISA’s advisory, Internet security watchdog Shadowserver warned today that over 1,000 ATG systems were exposed online, with the vast majority (909 devices) in the United States.

​”We added scanning of Automatic Tank Gauge (ATG) systems to our Accessible ICS reporting with 1061 IPs seen on 2026-06-05 (on port 10001/tcp),” Shadowserver said. “This is after weeding out vast majority which appear to be honeypots (including ports 8001/9001).”

Critical infrastructure organizations are advised to restrict remote access to ATG systems from the Internet as soon as possible and implement controlled access through firewalls, VPNs, or access control lists.

They should also replace default passwords on vulnerable devices with strong credentials, apply security updates, monitor systems for unauthorized changes, and implement multi-factor authentication where possible.

CISA’s warning comes after a May CNN report that Iranian hackers had breached ATG systems connected to the Internet at multiple gas stations across the United States. Iranian hacking groups were linked to these incidents based on their previous history of targeting fuel management systems and other industrial control technologies.

After hacking the devices with weak or nonexistent passwords, the attackers reportedly manipulated the display readings but did not alter the actual fuel levels. Although these incidents didn’t cause any physical damage, they raise concerns that such attacks could hinder automated fuel leak detection and similar safety-related functions.

In April, another joint advisory issued by U.S. federal agencies linked Iranian state-backed hackers to attacks targeting Rockwell Automation/Allen-Bradley PLC devices since March 2026, causing financial losses and operational disruptions.

Cybersecurity firm Censys reported one day later that 74.6% (3,891 hosts) of such industrial control systems found exposed online globally were from the United States.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Virtual Private Networks, or VPNs, are basically a required utility in 2026 if you want to browse the internet without being tracked. Get Proton VPN at up to 70% off a two-year subscription.

It seems like everyone on the internet is trying to track you. Whether it’s data brokers trying to profit off your personal information or your ISP attempting to help build an advertising profile, all eyes are on you when you browse.

There is a better option than giving up and living in a cave, and it’s called Proton VPN. It lets you connect a VPN to up to ten devices at once for smooth and encrypted access to your apps and websites.

Those of you already in the know about Proton VPN, a safe and secure option, can go ahead and jump on the deals available this month. Get up to 50% off monthly subscriptions, 60% off a 1-year subscription, or 70% off a 2-year subscription now through July 19.

Save up to 70% on Proton VPN

For those that need a little convincing, here’s what you need to know about one of the best VPN options out there.

Proton VPN for Mac, iPhone, iPad, and more

Proton VPN is a Virtual Private Network tool that easily tunnels your internet traffic from one server to another. All data is encrypted with AES-256 or ChaCha20 coding to ensure your traffic can’t be deciphered even if it’s checked.

Basically, it means no one can see what websites you’re visiting, how long you spend there, what you click on, or what you’re watching. VPNs enable a lot of cool abilities on every device you install them on.

Proton VPN: Safe, secure, reliable. Image source: Proton

For example, if you use Proton VPN for iPhone, you can stream anime on Netflix that is exclusive to Japan. Or, if you’d like to visit a website that’s being censored in your region, a VPN will let you get by without worry.

Keep in mind that accessing illegal content or performing actions like pirating media is still punishable by law, even when using a VPN. That said, everyone can benefit from a little more privacy and security online.

Proton VPN has a strict no-logs policy, so what little data that can be gathered about your browsing habits isn’t even available to the VPN provider. Subpoenas sent to Proton VPN will only be able to reveal that a customer purchased access to a VPN, and that’s it.

Simply sign up for your subscription, install Proton VPN on your devices, and choose the location you’d like to browse from. There are additional options like double hop and split tunneling to further obfuscate your VPN use.

Proton VPN for Mac, iPhone, and more. Image source: Proton

Proton’s 20,332 servers in 148 countries ensure your VPN connection is always stable with unlimited bandwidth. Browsing the web shouldn’t be a compromised experience just because you’re using a tool like Proton VPN for Mac.

Staying hidden from ad tracking and creepy ISP spying is only one aspect of VPN use — they can also help keep you more secure. If you’re ever trying to access the internet over public Wi-Fi, toggle on Proton VPN to stay out of sight of bad actors and other problems.

Proton VPN also has a proprietary accelerator that can increase your VPN connection speed by up to 400%. Gamers get significant speed gains too, as some ISPs throttle gaming traffic during peak hours.

Get Proton VPN today at a discount

If you’re looking for the best VPN for iPhone, iPad, Mac, or other device in your home, Proton VPN is an excellent option.

All you need is an active subscription and the VPN app to secure your network connection and browse more privately. Pick your subscription length and jump right in.

Proton VPN is offering 50% off monthly subscriptions, 60% off a 1-year subscription, and 70% off a 2-year subscription. Just go to Proton VPN’s website and sign up to take advantage of the deal before July 19.

The UK is now among the most targeted countries in the world for cyberattacks. Last year, the National Cyber Security Centre (NCSC) handled a record 204 ‘nationally significant’ cyber attacks, a steep 130% increase on the previous 12 months.

Public sector organizations are increasingly in the firing line when it comes to cybersecurity incidents. In December 2025, Kensington and Chelsea Council was hit by a cyberattack that compromised the personal information of hundreds of thousands of residents.