The realistic year-one TCO of a security-platform agentic AI procurement at mid-sized SOC scale runs 4 to 7 times the order-form platform-fee line, decomposing across five cost components (platform fee, integration of SIEM and EDR and identity and ticketing telemetry, analyst retraining of the L1 and L2 SOC tier, tuning by the detection-engineering function in the first 6 months, and exit migration if the relationship ends); vendor-published ROI figures should be discounted by 30 to 50 percent against demo-environment bias, 20 to 40 percent against the customer's actual false-positive-adjusted alert backlog, and 60 to 80 percent against the survivorship bias in published case studies; the structural procurement instrument that prices these discounts at signing is a contractual 90-day in-environment paid-pilot evaluation gate that runs at production scope against four pre-defined customer baseline measurements (mean-time-to-triage, false-positive rate per detection class, analyst-hours per closed incident, backlog age), with a documented walk-away clause that returns the customer to the pre-pilot operating state without successor-platform commitment.
Anchored on three primary sources. (a) Public per-unit vendor pricing for Microsoft Security Copilot ($4 per Security Compute Unit hour, 1 SCU minimum, per microsoft.com Security Copilot pricing page) and CrowdStrike Charlotte AI (bundled into the Falcon Insight tier per crowdstrike.com platform documentation); these set the platform-fee floor. (b) IBM Cost of a Data Breach Report 2024 ($4.88M global average, $9.36M US average, $9.77M healthcare) anchors the false-negative-tail asymmetric-cost argument and the cost-of-being-wrong differential against general-purpose agentic AI TCO. (c) SANS 2024 SOC Survey (40 to 60 percent median false-positive rate, 70 to 80 percent at the long-tail SOCs) anchors the alert-quality discount factor. The 4-to-7x first-year multiplier is calibrated from procurement-team observation of integration + retraining + tuning + exit costs against the platform-fee line across mid-sized SOC deployments; published independent (non-vendor-funded) audits at this granularity are not available, so the multiplier is presented as the buying-committee planning range rather than a measured industry average. 60-day review cadence (26 Jul 2026) because vendor pricing models in security AI shift quarterly. Trigger conditions: (1) a published independent audit of security-platform agentic AI deployment outcomes that materially changes the discount factors moves toward Partial; (2) Microsoft, CrowdStrike, Palo Alto, or SentinelOne announcing structural pricing-model changes for their security AI tiers requires cost-component-model revision; (3) regulatory action under the EU AI Act, NIST AI RMF, or sector-specific cybersecurity rules constraining how security-platform AI is contracted changes the evaluation gate structure; (4) a published case study of a regulated-industry breach traceable to a security-platform AI false negative would harden the asymmetric-cost argument. Sibling AM-180 (agentic IAM TCO model at 2,000-employee scale) covers the IAM-axis TCO calculation that closes the identity side of the security-platform procurement.
/holding/AM-174/Embed this claimiframe + oEmbed
The card auto-updates when the claim's status, last-reviewed date, or correction log changes. Embedders never need to refresh — the card is rendered live from the canonical record.
Email-me when AM-174's status, next review date, or correction log changes. One email per change. No newsletter subscription, no other mail.
The claim: The realistic year-one TCO of a security-platform agentic AI procurement at mid-sized SOC scale runs 4 to 7 times the order-form platform-fee line, decomposing across five cost components (platform fee, integration of SIEM and EDR and identity and ticketing telemetry, analyst retraining of the L1 and L2 SOC tier, tuning by the detection-engineering function in the first 6 months, and exit migration if the relationship ends); vendor-published ROI figures should be discounted by 30 to 50 percent against demo-environment bias, 20 to 40 percent against the customer's actual false-positive-adjusted alert backlog, and 60 to 80 percent against the survivorship bias in published case studies; the structural procurement instrument that prices these discounts at signing is a contractual 90-day in-environment paid-pilot evaluation gate that runs at production scope against four pre-defined customer baseline measurements (mean-time-to-triage, false-positive rate per detection class, analyst-hours per closed incident, backlog age), with a documented walk-away clause that returns the customer to the pre-pilot operating state without successor-platform commitment.
About this register
The Reporting register tracks claims published from articles addressed to senior enterprise IT leaders — CIOs, IT directors, heads of platform. Claims are reviewed on a 30–90 day cadence; each review either reaffirms the claim, marks one substantive part as Partial, or marks it Not holding once the underlying evidence has been overtaken.
Recent corrections in Reporting
- AM-008 · Partial · 17 Jun 2026
Source-text figure re-review: Google's 2024 Environmental Report reports a 28% year-over-year increase to 8.1 billion gallons, not the 33% (from a 6.1 billion 2023 base) asserted at publish. The 8.1B 2024 figure and the Microsoft WUE 0.30 L/kWh / 39%-improvement figure are unchanged and verified. Article corrected to 28% and the unsupported 6.1B base removed; the claim text retains the original figure with this correction per the Holding-up protocol.
- AM-132 · Partial · 10 Jun 2026
One of four legs unanchored on re-review. The claim text attributes '12% of deployments clearing 300%+ ROI with 88% at or below break-even at 12-18 months' to the Stanford DEL 2026 Enterprise AI Playbook. Full-text verification on 10 Jun 2026 found no such figure in that source: the playbook (Pereira, Graylin, Brynjolfsson, Apr 2026) studies 51 successful deployments by design and contains no ROI distribution, no 300%-plus cohort, and no break-even measurement point (full finding at AM-029, correction of 10 Jun 2026). The only verified figure carrying the same 12/88 numerals is IDC research with Lenovo (via CIO.com, Mar 2025): roughly 88% of AI proof-of-concepts never reach production and roughly 12% graduate — a pilot-to-production graduation metric, not an ROI distribution. The Gartner 28%, McKinsey 23%/17%, and MIT NANDA 95% legs verify; they support a small high-performing tail and a large struggling body, but none documents the two-peak bimodal shape the claim asserts. Status Up -> Partial.
- AM-129 · Partial · 10 Jun 2026
One of three read-against anchors unanchored on re-review. The claim text cites 'Stanford Digital Economy Lab Enterprise AI Playbook (12/88 bimodal ROI distribution at 12-18 months)' and frames the realistic ROI band around 'the highest-discipline 12% cohort'. Full-text verification on 10 Jun 2026 found the playbook contains no 12/88 distribution, no bimodal ROI shape, and no 12-18-month ROI measurement point (full finding at AM-029, correction of 10 Jun 2026). The claim's core negative finding — no mid-market enterprise has produced a documented +240% ROI in 90 days under audited conditions — is unaffected; the McKinsey State of AI 2025 and MIT NANDA legs verify and continue to support it. The '12% cohort' framing has no verifiable referent. The only verified figure carrying the 12/88 numerals is IDC's pilot-graduation finding (roughly 88% of AI proof-of-concepts never reach production; via CIO.com, Mar 2025), a different metric. Status Up -> Partial.
Reviews coming up in Reporting
- AM-063 · Holding · next +9d (27 Jun 2026)
AI agents executing financial transactions need a four-control bundle (action-approval gates by blast radius, kill-swit…
- AM-061 · Holding · next +9d (27 Jun 2026)
Production agentic-AI costs at scale routinely run multiples of POC projections, and a layered optimisation programme c…
- AM-003 · Partial · next +9d (27 Jun 2026)
GPT-5 Pro's tiered-subscription model forces enterprises to classify problems by computational difficulty — $200/month…