Check your company's expense reports for the last quarter and you'll likely find the same pattern we keep hearing about from engineering leaders: a GitHub Copilot contract signed at the org level, a cluster of Cursor subscriptions expensed by individual team leads, a ChatGPT Team workspace someone in product spun up, and a Claude subscription a staff engineer pays for personally and quietly expenses. Four bills. Three of them doing substantially the same job.
This didn't happen because anyone was careless. It happened because AI coding tools were adopted bottom-up, one $20 expense report at a time, while procurement processes were built for top-down SaaS purchases. Each individual subscription sat below the approval threshold that would have triggered a vendor review. Now the aggregate is a line item finance is starting to notice — and when the audit comes, engineering gets asked to justify the stack.
How Duplicate AI Seats Pile Up
The sprawl follows a predictable sequence. First, the company signs an official tool — usually GitHub Copilot, because it rides along on an existing GitHub Enterprise relationship and requires no new vendor onboarding. Then individual developers hit Copilot's limitations for their workflow and start expensing Cursor, because a $20/month receipt doesn't need a procurement ticket. Meanwhile, non-engineering teams adopt ChatGPT Team or Claude for writing and analysis, and engineers join those workspaces too because they want a general-purpose chat model alongside their IDE tooling.
The result is capability overlap, not capability coverage:
- IDE autocomplete and agentic editing: Copilot and Cursor both do this. Paying for both per seat means paying twice for the category.
- Chat-based reasoning and code review: ChatGPT Enterprise and Claude Team overlap heavily for most day-to-day developer queries.
- Embedded AI in existing SaaS: Notion AI, Slack AI, Atlassian Intelligence, and similar add-ons each charge their own per-seat premium for model access you're already buying elsewhere.
No single layer is wasteful on its own. The waste is in the stack.
The Per-Seat Math Nobody Has Run
Here's what published list pricing looks like for the common stack as of mid-2026 (enterprise tiers are negotiated, so treat these as floors, not finals):
| Tool | Plan | List price |
|---|---|---|
| GitHub Copilot | Business | $19/user/month |
| GitHub Copilot | Enterprise | $39/user/month |
| Cursor | Teams | $40/user/month |
| ChatGPT | Team | $25–30/user/month |
| ChatGPT | Enterprise | Custom (annual commitment, seat minimums) |
| Claude | Team | $25–30/user/month |
Run the numbers for a 200-engineer organization carrying Copilot Business ($19), Cursor Teams ($40), ChatGPT Team ($30 monthly billing), and Claude Team ($30 monthly billing) simultaneously: that's $119 per engineer per month, or roughly $285,000 a year. If half of those seats are duplicative — and in the overlap categories above, they usually are — you're looking at six figures of annual spend that a procurement review could reclaim without removing any capability developers actually use.
Seat price is only the visible half of the bill. Cursor and several agentic tools layer usage-based pricing on top of the subscription, so heavy agent users can generate overages that dwarf their seat cost. And most of these contracts auto-renew annually — if you discover the duplication two weeks after renewal, you're carrying it for another year.
A Procurement Playbook You Can Run This Quarter
You don't need a FinOps team to fix this. You need an afternoon of data pulling and one uncomfortable meeting. Here's the sequence we'd run:
1. Inventory what's actually deployed. Pull three sources: your SSO/identity provider logs (which AI domains are people authenticating to?), expense report line items matching AI vendors, and your corporate card statements. Expense data catches the shadow subscriptions SSO misses. Expect to find tools nobody on the leadership team knew about.
2. Map seats to utilization, not headcount. Copilot's admin dashboard, Cursor's team analytics, and ChatGPT Enterprise's workspace reports all show last-active dates and usage volume. A seat that hasn't generated a completion in 60 days is a refund waiting to happen. In our experience reviewing these dashboards, inactive-seat rates of 20–30% are common in tools that were rolled out org-wide rather than opt-in.
3. Pick a primary per category and make the overlap explicit. You probably need one IDE-layer tool and one chat-layer tool, not two of each. The decision criteria that matter: which tool your developers actually choose when they have both (utilization data answers this), data processing terms, and whether the vendor supports your compliance requirements (SOC 2 report, zero-data-retention options, regional hosting).
4. Negotiate with the utilization data in hand. Vendors price enterprise AI deals expecting consolidation pressure. Walking into a renewal with "we have 200 licensed seats and 120 monthly actives, and we're evaluating consolidating to your competitor" changes the conversation. Annual billing typically takes 15–20% off monthly list prices on its own.
5. Build a tool registry and an intake path. The reason sprawl happened is that requesting a tool officially was slower than expensing it. Fix the incentive: a lightweight registry of approved AI tools, who owns each contract, what data classes are allowed in each, and a request form that gets answered in days, not quarters. This is a database, not a bureaucracy.
6. Put renewals on a calendar with a 90-day review trigger. Every AI contract gets a review date one quarter before auto-renewal. That's when you re-pull utilization and decide: renew, renegotiate, or consolidate.
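The data pulls in steps 1, 2, 3 and 6 reduce to a handful of joins. The sketch below is an added example, not code from the original post; the users, dates, the vendor-to-domain mapping and every function name are constructed assumptions standing in for your SSO, expense and seat exports.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data (hypothetical users, domain mapping and dates).
CATEGORY = {"copilot": "ide", "cursor": "ide", "chatgpt": "chat", "claude": "chat"}
VENDOR_DOMAIN = {"copilot": "github.com", "cursor": "cursor.com",
                 "chatgpt": "chatgpt.com", "claude": "claude.ai"}
SSO_EVENTS = [("ana", "github.com"), ("ben", "github.com"), ("ana", "chatgpt.com")]
EXPENSES = [("ben", "cursor", 40.0), ("cy", "claude", 20.0), ("ana", "chatgpt", 30.0)]
SEATS = [("ana", "copilot", date(2026, 6, 1)), ("ben", "copilot", date(2026, 2, 10)),
         ("ben", "cursor", date(2026, 6, 20)), ("ana", "chatgpt", date(2026, 6, 18))]
RENEWALS = {"copilot": date(2026, 11, 1), "cursor": date(2026, 8, 15)}

def shadow_subscriptions(expenses, sso_events):
    """Expensed AI tools the user never reached through SSO (step 1)."""
    seen = set(sso_events)
    return sorted((u, v) for u, v, _ in expenses
                  if (u, VENDOR_DOMAIN[v]) not in seen)

def inactive_seats(seats, today, max_idle_days=60):
    """Licensed seats with no activity inside the idle window (step 2)."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted((u, t) for u, t, last in seats if last < cutoff)

def overlapping_seats(seats):
    """Users holding more than one paid tool in the same category (step 3)."""
    held = defaultdict(set)
    for user, tool, _ in seats:
        held[(user, CATEGORY[tool])].add(tool)
    return {k: sorted(v) for k, v in held.items() if len(v) > 1}

def reviews_due(renewals, today, lead_days=90):
    """Contracts whose pre-renewal review date has arrived (step 6)."""
    return sorted(t for t, r in renewals.items()
                  if r - timedelta(days=lead_days) <= today < r)

if __name__ == "__main__":
    today = date(2026, 7, 1)
    print("shadow:", shadow_subscriptions(EXPENSES, SSO_EVENTS))
    print("inactive:", inactive_seats(SEATS, today))
    print("overlap:", overlapping_seats(SEATS))
    print("review now:", reviews_due(RENEWALS, today))
```

An expensed vendor with no matching SSO sign-in usually means a personal or card-paid account, which is the population the registry and intake path in step 5 need to absorb.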
Shadow AI Is the Bill You Can't See on Any Invoice
The duplicate seats are the measurable problem. The unmeasurable one is worse: developers using personal-tier AI accounts for work because the official tool is missing, slow to provision, or worse than what they can get for $20 of their own money.
Consumer-tier AI accounts typically lack the data processing agreements, audit logs, and training opt-out guarantees that enterprise tiers carry. Source code pasted into a personal chat account may be handled under consumer terms your security team has never reviewed. You can't fix this by blocking domains — developers will route around blocks, and you'll lose the visibility you had.
The pragmatic fix is an amnesty: announce that anyone using an unapproved AI tool can register it in the intake process with no penalty, and commit to either provisioning an approved equivalent or fast-tracking an evaluation. The goal is to make the sanctioned path faster than the shadow path. Governance that's slower than the workaround isn't governance — it's theater.
Originally published at pickuma.com.