11 April 2026Nick11 min read

The Trillion-Dollar Brute Force: What happens when you point the most expensive technology ever built at the wrong problem

aiarchitecturestrategythought-leadership

What happens when you point the most expensive technology ever built at the wrong problem

In January 2025, Sam Altman posted something unexpectedly honest on X: "insane thing: we are currently losing money on openai pro subscriptions! people use it much more than we expected." OpenAI's $200/month Pro plan was haemorrhaging money. Anthropic appears to be in a similar position. Forbes reported in March 2026 that Cursor's internal analysis estimated a heavy user of Anthropic's $200/month Claude Max plan could consume up to $5,000 in API-equivalent compute, and Anthropic has since introduced weekly usage caps and banned automated agents from subscription access. You don't impose those kinds of restrictions when the economics are working.

The companies building the world's most capable AI systems can't make the numbers work when people actually use them. That should tell us something about how we're using AI.

They'll figure out their unit economics. That's a business problem. But the dynamic underneath it is a larger problem, something much bigger than subscription pricing.

We've taken systems, workflows and data pipelines that were designed for expert humans and asked AI to brute-force its way through them. In many cases it can. But the cost is extraordinary. And the reason isn't that the AI is bad. It's that the systems weren't built for it. The companies getting this right aren't using better AI. They're rebuilding the systems AI has to work with.

A monstrous data centre piped through a reducing network down to a single garden tap dripping into a teacup held by a bored executive

The system we inherited

Cybersecurity has a data problem that predates AI by decades, and it's a useful lens for understanding what's going wrong across every industry trying to bolt AI onto existing workflows.

The traditional model works like this. You collect as much security telemetry as you can from your endpoints, network devices, servers and applications. You funnel it into a data warehouse, usually a SIEM. Then you query it. Automated rules catch some of the bad stuff. Human analysts dig through the rest, looking for the threats that automated detection missed or undervalued.

This model was designed when enterprise environments were relatively simple and security events were relatively rare. A smart analyst could understand what normal looked like. They could hold the environment in their head, recognise patterns and apply judgment that came from years of operational experience.

The numbers on what this model produces today are genuinely absurd. Large enterprises generate terabytes of security log data every day. Industry estimates suggest less than 5% of that data provides any actionable value. Cribl has noted that much of the data ingested into security tools is rarely, if ever, queried. The global SIEM market was estimated at over $6 billion in 2024 and growing. Yet according to CardinalOps, the average SIEM deployment covers just 24% of MITRE ATT&CK techniques despite all that spending.

We're paying billions to collect, store and query data that nobody looks at, running detection rules that cover a quarter of the known attack surface.

This isn't unique to security. Legal discovery teams feed AI millions of documents that were organised for human paralegals. Healthcare systems run AI against medical records structured for billing, not diagnosis. Financial compliance teams point AI at reporting frameworks designed for human auditors reading spreadsheets. The pattern is everywhere. Entire industries built data systems optimised for human experts who could contextualise and filter on the fly. Those systems assumed a human at the end of the pipeline. The human is no longer there, but the pipeline hasn't changed.

How did we end up here? Partly because we never had to care. For decades, compute got reliably cheaper. Roughly every two years you could do twice as much processing for the same money. You didn't need to be clever about efficiency because next year's hardware would bail you out. That assumption shaped how entire industries designed their data systems. Why optimise when there's always more compute coming?

Two things broke that. The gains slowed.[^1] And then AI arrived and started eating faster than the lunch was ever being served. According to Epoch AI, the compute used to train frontier AI models has been growing at roughly 3.5x per year. The hardware efficiency curve, at its best, delivered a doubling every eighteen to twenty-four months. We found a way to consume compute far faster than the industry can produce it. The abundance era is over. We just haven't redesigned the systems that were built on the assumption it would last forever.

The threshold

At some point the volume overwhelmed the humans. In security, we can trace roughly when that happened, because "alert fatigue" stopped being a grumble and became an industry-wide condition.

Vectra's 2023 State of Threat Detection research found that SOC analysts receive thousands of alerts per day and are unable to deal with 67% of them. Analysts reported that 83% of alerts were false positives. The people doing the work are burning out. Tines reported that 64% of SOC analysts were likely to switch jobs within a year. Ponemon found that 65% had considered leaving cybersecurity entirely.

The model didn't change when the volume crossed the threshold. We just kept finding new ways to catch the waterfall in our hands. More hands. AI-driven hands. Smarter systems that helped analysts stand in the right part of the waterfall. But nobody stepped back and asked whether standing in the waterfall was still the right approach. The answer, it turns out, isn't more hands. It's leaving the waterfall entirely.

Enter AI (and the trillion-dollar question)

Then generative AI arrived and the industry collectively thought: Finally, this thing can meet the scale and complexity of the challenge. And in many ways it can help. Within reason. There are fundamental issues with how large language models work that mean they lack the intuition of an experienced analyst. The best LLMs still miss obvious things and fixate on irrelevant ones because they don't have the contextual grounding that comes from years of lived experience. They process everything with equal weight and attention whether it's a critical indicator of compromise or a routine backup job generating noise.

But they're fast. They don't sleep. They can process more data in a minute than an analyst handles in a shift.

So we pointed them at the waterfall.

Goldman Sachs projects that over $1 trillion will be spent on AI infrastructure in the coming years. Jim Covello, their head of global equity research, put it bluntly in a June 2024 report: "AI technology is exceptionally expensive, and to justify those costs, the technology must be able to solve complex problems, which it isn't designed to do." Sequoia Capital estimated that AI companies need to generate $600 billion in revenue just to justify the infrastructure being built, against actual AI revenue of roughly $100 billion. BCG found that only 26% of companies had developed the capabilities to move beyond proofs of concept and generate tangible value.

It's not just money being burned. The IEA projects that electricity consumption from data centres, AI and cryptocurrency in 2026 will reach roughly 1,000 terawatt-hours. That's equivalent to Japan's entire electricity consumption. Google disclosed that its total emissions grew 48% between 2019 and 2023, driven significantly by AI infrastructure expansion. Microsoft's water consumption for data centre cooling jumped 34% in a single year. According to research from UC Riverside, a conversation of 20 to 50 questions with ChatGPT consumes about 500 millilitres of fresh water for cooling. Scale that to enterprise AI workloads processing millions of security events per day across thousands of organisations and the environmental cost starts to look like something we should probably be talking about more.

We're spending a trillion dollars, consuming a large country's worth of electricity and drinking rivers of fresh water to run AI against the same 95% noise that human analysts couldn't get through either. More expensive hands. Same waterfall.

What if the waterfall is the problem?

Bill Gates said it years ago: "Automation applied to an inefficient operation will magnify the inefficiency."

That line should be tattooed on the inside of every CTO's eyelids.

AI is extraordinarily fast. It can process, correlate and act on data in milliseconds. But to get that speed you trade the thing humans bring: intuition. An experienced security analyst has a mental model of their environment shaped by years of watching normal operations. They can feel when something is wrong before they can articulate why. No LLM does that. What an LLM does is process whatever you give it with the same diligence and the same lack of instinct, whether that data is a genuine threat signal or one of the 95% of events that amount to nothing.

So the question becomes: what if you stopped trying to make AI act like a tireless human sifting through a river of data, and started designing systems that play to what AI actually does well?

Bill Gates leaning over a reclining executive with a tattoo gun, inking something onto the executive's closed eyelids

Leaving the waterfall behind

When we built Liarbird, we set ourselves a constraint that turned out to be the most important architectural decision we made. Our customers include organisations that operate in air-gapped environments. No cloud connectivity. No API calls to frontier models running on someone else's GPU cluster. Whatever we built, we decided the AI needed to support thousands of endpoints and be able to run on a single MacBook Pro. Not a rack of them. Not a cluster running in parallel. One.

That made it physically impossible to take the traditional approach. We couldn't collect everything, warehouse it and ask an AI to sift through terabytes looking for problems. The hardware wouldn't support it. So we had to throw out our assumptions about how security data pipelines work and rebuild from scratch.

The principles we landed on aren't specific to security. They apply anywhere you're running AI against a data pipeline that was originally designed for humans.

Collect signals, not everything. The traditional approach over-collects because humans can't predict what they'll need later. Better to have it and not need it. But when you're feeding data to an AI, every irrelevant byte is wasted compute. We shifted to on-demand collection. High-quality signals from the endpoint, not bulk telemetry dumps. If the AI needs more context about a specific event, it asks for it in real time while the process is still running on the host. The result is dramatically lower resource consumption on the endpoint, less network bandwidth and less storage.

Enrich before storage, not after. In the traditional pipeline, raw events land in a database and enrichment happens later when someone queries them. The AI, like the analyst before it, has to piece together context from scattered raw data. We inverted this. Cross-correlation and contextualisation happen inline, before data ever touches a database. The AI receives pre-enriched timelines with full context attached rather than raw events it needs to reassemble. You compensate for an LLM's lack of intuition by delivering signals that don't require intuition to interpret.

Investigate in real time. Traditional security analysis is retrospective. Something happens, it gets logged, the log gets stored and days or weeks later someone queries it. By which point the attacker has come and gone. We gave the AI the ability to investigate while events are still unfolding. Milliseconds after an alert fires, while the offending process is still running on the host, the AI can interrogate that host and others across the network. It asks questions not just of collected data but of the live environment. Real-time investigation rather than forensic archaeology.

Play to speed. Speed is AI's real advantage. So design the system to make speed the thing that matters. If your pipeline requires the AI to hold millions of data points in context and reason across all of them, you're playing to its weaknesses. If your pipeline delivers a small number of high-confidence, richly contextualised signals and asks the AI to make fast decisions about them, you're playing to its strength.

The result: a platform that can run on a MacBook Pro supports thousands of endpoints and deploys into air-gapped environments that have no internet connection at all. Not because we found a smarter model or a better compression algorithm. Because we stopped asking AI to drink from a fire hose and started giving it a glass of water.

The lesson beyond security

BCG's 2025 research found that 60% of companies were still not achieving material value from AI despite substantial investment. The 5% they call "future-built" were pulling away, achieving five times the revenue increases and three times the cost reductions of everyone else. The difference isn't the AI. It's that those companies redesigned their workflows rather than bolting AI onto existing processes.

Every industry has its waterfall. Legal has document warehouses. Healthcare has EHR systems built for billing. Finance has compliance reporting chains designed for human auditors. Manufacturing has quality control pipelines that assume a human inspector at the end. All of these systems were built by and for humans, on the assumption that an expert would be applying judgment and context at the critical points.

Pointing AI at these systems works in the same way that a fire hose fills a drinking glass. You'll get there. But you'll waste most of what you're spending, burn through resources at a rate that's increasingly hard to justify, both financially and environmentally, and you'll keep wondering why the ROI never adds up.

The organisations spending a trillion dollars on AI infrastructure aren't wrong about AI's potential. They're wrong about the pipeline. The fix isn't bigger models, longer context windows or more GPUs. The fix is a question: what would this system look like if we'd designed it for AI from the start?

The answer, in our experience, is smaller, faster, cheaper and dramatically more effective. But it means being willing to throw out decades of accumulated assumptions about how data should flow through your organisation.

That's the hard part. The technology is ready. The architecture is the bottleneck.

[^1]: The trend commonly called Moore's Law was an observation about transistor density, not a physical law, and the economic gains it delivered depended on a related phenomenon called Dennard scaling, which kept power density roughly constant as transistors shrank. Dennard scaling broke down around 2005, which is why processor clock speeds have barely moved in twenty years despite transistors continuing to get smaller. The cost-per-transistor curve has also weakened at newer manufacturing nodes. The "free lunch" of ever-cheaper compute was already getting smaller before AI accelerated demand past what the hardware curve can deliver.