← Blog

AI Cost Attribution Per Team: The Record Design That Turns AI Spend Into a Chargeback Line Item

Finance teams asking for AI cost attribution per team run into the same problem every time: the model provider's invoice shows the aggregate account spend, not the per-team consumption. Attribution has to happen at the gateway, where the enterprise can tag each request with the team, application, and user identity. This piece walks through the record design that produces attributable AI spend, the tagging pattern that survives multi-model deployments, and the reports the finance team accepts as chargeback evidence.

ByParminder Singh· Founder & CEO, DeepInspect Inc.
Platform & Architectureai-costchargebackai-gatewayfinanceattributionai-governance
AI Cost Attribution Per Team: The Record Design That Turns AI Spend Into a Chargeback Line Item

Enterprise AI spend crossed the threshold where finance teams started asking for per-team attribution around Q4 2025, and the ask has intensified through 2026 as Zscaler's ThreatLabz 2026 AI Threat Report tracked 18,033 TB of enterprise data moving through AI tools, up 93% year over year. The finance ask runs into the same problem every time: the model provider's invoice shows the aggregate account spend, not the per-team consumption. Attribution has to happen at the gateway, where the enterprise can tag each request with the team, application, and user identity. I want to walk through the record design that produces attributable AI spend and the reports the finance team accepts as chargeback evidence.

The four attribution dimensions

An enterprise chargeback record captures four dimensions of attribution.

Team dimension. The engineering, product, or business team responsible for the workload. The team is the primary cost center the finance system charges.

Application dimension. The specific application inside the team's portfolio that ran the request. A team with three applications on AI holds three application identifiers, and the record separates them.

User dimension. The human user whose session drove the request. The user is the finest attribution grain, and the enterprise's HR system provides the roster the identifiers map to.

Category dimension. The workload category the request falls into. Categories include batch, interactive, high-priority, external-customer-facing, and internal-analytics. The category description feeds the chargeback conversation about which categories the enterprise's AI investment thesis prioritizes.

The tagging pattern the record depends on

The gateway attaches tags to each request. The tags come from three sources: the caller's identity, the request's headers, and the gateway's routing policy.

The caller's identity provides the user tag directly. The identity provider's token carries the user's identifier, and the token often carries the user's team affiliation as a group claim.

The request's headers provide the application tag. The application submits a header (e.g., X-Application-Id) that carries its identifier. The gateway's policy validates the header against the enterprise's registered application list.

The gateway's routing policy provides the category tag. The routing policy inspects the request's characteristics (the model chosen, the prompt size, the priority header) and attaches the category tag.

The tags land in the record alongside the token counts and the estimated cost. The record's shape is stable across models and providers, which simplifies the downstream aggregation.

The multi-model spend aggregation

An enterprise that runs OpenAI, Anthropic, and Bedrock across teams produces per-model records with different pricing structures. The aggregation pattern normalizes the records to a common cost representation.

The gateway holds a pricing table per model, updated when providers change prices. The pricing table maps input tokens, output tokens, and cache tokens to per-request cost. The aggregation applies the pricing to the request's token counts and produces the dollar-equivalent cost.

The normalized record has the same shape regardless of the provider. The finance team's reporting queries the normalized record set without a per-provider branch in the query logic.

The pattern also lets the finance team compare per-model cost efficiency across teams. A team that runs the same workload on GPT-4-mini rather than GPT-4 produces a record set with the same category tag but different cost. The comparison identifies teams that could migrate workloads to cheaper models.

The record schema that satisfies the chargeback pipeline

The record schema carries the fields the chargeback pipeline consumes. A working enterprise schema includes:

[@portabletext/react] Unknown block type "code", specify a component for it in the `components.types` prop

The schema is JSON, canonical, and stable across the enterprise's providers. The chargeback pipeline aggregates on team_id, application_id, and category, and produces the per-team monthly report.

The purpose field as the business-reason anchor

The purpose field is drawn from an enterprise-defined enum and describes the business reason for the request. Purpose values are more stable than the workload category and travel with the record for the audit trail.

For chargeback, the purpose field lets the finance team ask "which purposes consumed the largest share." A team that spends 60% of its budget on customer-support-response has a different investment story than a team that spends 60% on internal-analytics.

For the AI governance conversation with the board, the purpose distribution is the number that describes what the enterprise is actually doing with AI. The number is more informative than the aggregate spend.

The showback report the finance team accepts

The finance team's initial showback report typically includes:

Per-team monthly spend, ranked from highest to lowest, with month-over-month change. The report identifies the teams growing the fastest and the teams stagnant.

Per-application spend within each team, again ranked with month-over-month change. The report identifies the applications inside a team that drive the team's total spend.

Per-model spend across teams, with the per-model cost per response as a normalized comparison. The report identifies workloads that might migrate to cheaper models.

Purpose distribution as a stacked-bar visualization. The report shows the mix of business reasons the enterprise's AI spend covers.

The report becomes the input to the quarterly budget review, where each team's product manager defends the team's allocation for the next quarter.

The chargeback pipeline that follows

The chargeback pipeline reads the record set on a monthly cadence, aggregates by team, and produces the internal invoice. The invoice moves the AI cost from the central AI budget to the team's cost center in the enterprise's finance system.

The pipeline has to handle disputes. A team that claims the attribution is wrong (an application that should have been tagged to a different team, a user session that was contested) submits a dispute. The pipeline holds the disputed amount until the resolution.

The pattern requires the record set to be tamper-evident. A team that claims a specific request should have been tagged differently has to be able to look at the record and trust it. The hash-chained log pattern produces the tamper-evident property.

The interaction with FinOps for AI

The FinOps discipline that mature enterprises apply to cloud spend applies to AI spend with an added attribution challenge. Cloud services have per-resource tagging built in. AI providers do not.

The gateway is the equivalent of the cloud provider's tagging layer for AI. The gateway attaches the tags at request time, and the record set becomes the FinOps team's substrate for cost optimization.

The pattern lets the FinOps team apply the same discipline to AI: attribution, chargeback, forecasting, and optimization. The gateway is what makes the pattern possible.

DeepInspect

This is the gap DeepInspect closes at the AI request boundary. DeepInspect sits inline between the enterprise's callers and the LLM APIs they call. The gateway attaches team, application, user, category, and purpose tags to each request, applies the per-provider pricing to produce the normalized cost, and records the tuple in a hash-chained log.

The record set feeds the finance team's showback report, the chargeback pipeline, and the FinOps optimization workflow. The purpose field feeds the AI governance conversation with the board. The tamper-evident chain lets teams trust the attribution when the invoice arrives.

Book a demo today.

Frequently asked questions

Why does per-team attribution have to happen at the gateway?

The model provider's invoice shows aggregate account spend. The provider does not know which team, application, or user drove a specific request. Attribution has to happen at the boundary where the enterprise knows the identity context, and the boundary is the gateway between the enterprise's callers and the model provider.

What are the four attribution dimensions?

Team, application, user, and category. Team is the primary cost center. Application separates workloads inside a team. User identifies the human whose session drove the request. Category classifies the workload's characteristics (batch, interactive, high-priority, external, analytics). The four dimensions together give the finance team enough granularity to run chargeback.

How does the multi-model aggregation normalize the cost?

The gateway holds a pricing table per model, updated when providers change prices. The aggregation applies the pricing to the request's token counts and produces the dollar-equivalent cost. The normalized record has the same shape regardless of the provider, which simplifies the downstream aggregation and the per-team reporting.

What is the purpose field and why does it matter for chargeback?

The purpose field is an enterprise-defined enum that describes the business reason for the request. For chargeback, the field lets the finance team ask which purposes consumed the largest share. The purpose distribution is more informative than the aggregate spend and feeds the AI governance conversation with the board.

What does the showback report include?

Per-team monthly spend with month-over-month change. Per-application spend within each team. Per-model spend across teams with the per-response cost. Purpose distribution as a stacked-bar view. The report becomes the input to the quarterly budget review where each team defends its allocation for the next quarter.

Why does the record set have to be tamper-evident for chargeback?

Teams that receive an internal invoice for AI spend have to be able to look at the underlying records and trust them. A record set that can be silently altered after the fact loses the trust the chargeback pipeline requires. The hash-chained log pattern produces the tamper-evident property the disputes process needs.