I hope everyone had a great Memorial Day weekend. I spent part of mine preparing for a kitchen remodel and catching up on AI and FinOps research. Somewhere between cleaning out cabinets and reading earnings disclosures, a pattern became difficult to ignore:

FinOps still feels early.

Not early in the sense that organizations are unaware of cloud costs. Most companies now understand they have a spend problem somewhere across cloud, SaaS, AI, or data infrastructure. What still feels early is the discipline itself. The frameworks are maturing, but the operational models around them are not yet keeping pace with the scale and complexity of what is arriving.

The more I look at the market, the more it feels like FinOps is entering the same kind of expansion cycle cybersecurity entered roughly a decade ago. The category is established enough that enterprises know they need it, but still early enough that most organizations have not fully operationalized it. Meanwhile, the technology and commercial models underneath the industry are changing faster than practitioners can absorb them.

That combination usually signals the beginning of something much larger.

Cybersecurity as a discipline did not begin with cloud. The first CISO role dates back to Citicorp in 1995 after an attempted $10 million cyber theft. What matters for the FinOps comparison is not the beginning of cybersecurity itself, but the moment cloud forced the discipline to reinvent itself operationally.

That inflection point arrived between roughly 2010 and 2014.

AWS launched in 2006. Enterprise cloud adoption accelerated rapidly in the early 2010s. Gartner formally introduced the Cloud Security Posture Management category in 2014. Then came the breach cycle: Target in late 2013, Sony in 2014, followed by WannaCry, NotPetya, and Equifax between 2017 and 2018. By the time the SEC formalized cybersecurity disclosure requirements in 2023, the market had already spent nearly a decade turning cyber risk into a board-level governance issue.

The timeline matters because FinOps appears to be following a very similar curve.

The earliest recognizable cloud cost optimization work emerged around 2012 inside companies like Adobe and Intuit, but the discipline itself was not formally named until later. The term “FinOps” grew out of Cloudability customer advisory discussions in 2018. The FinOps Foundation launched in 2019 and joined the Linux Foundation in 2020. The O’Reilly FinOps book arrived the same year and helped codify the framework.

That makes FinOps, as a formally recognized discipline, roughly seven years old in 2026.

The maturity data reinforces how early things still are. According to the State of FinOps 2026 report, only 14% of organizations classify themselves at “Run” maturity, while 51% remain at “Walk.” Meanwhile, 78% of FinOps teams still report into the CTO or CIO rather than finance leadership or the board. At the same time, AI spend governance adoption jumped from 31% to 98% in just two years.

That resembles cybersecurity during the early cloud era almost perfectly. A category gets named. Organizations rush to build teams around it. The operational problem expands faster than the governance model surrounding it.

If you map the timelines directly, cloud-era cybersecurity roughly moved from “new operational category” in 2014 to “board-level governance mandate” by 2023, about a nine-year arc.

FinOps was formally established in 2019.

If the pattern holds, the next several years are likely not the maturity phase of FinOps. They are probably the expansion phase.

And unlike cybersecurity, FinOps is entering that phase while the economic models underneath enterprise technology are changing in real time.

One of the more interesting developments in AI infrastructure is how quickly billing and commitment models are converging toward patterns that experienced FinOps teams already understand.

OpenAI’s recently disclosed in their S-1 infrastructure commitments exceeding $1 trillion through 2035, spread across providers including Broadcom, Oracle, Microsoft, Nvidia, AMD, CoreWeave, and AWS. The scale itself is staggering, but the more important signal is the structure emerging around it. OpenAI has discussed programs such as Compute Annual Passes and guaranteed capacity agreements that increasingly resemble the reservation and commitment mechanics hyperscalers introduced more than a decade ago.

The neo-cloud providers are moving in the same direction.

CoreWeave, Lambda, Crusoe, Nebius, and others increasingly sell infrastructure through combinations of:

This should feel familiar to anyone who has spent years managing Reserved Instances, Savings Plans, or enterprise cloud commitments. That is part of the bullish case for FinOps. The discipline is not becoming obsolete because of AI. In many ways, the market is moving toward the kinds of governance problems FinOps already understands well:

A FinOps organization that has spent years managing cloud commitments already understands most of the operational mechanics required to govern AI capacity contracts.

The challenge is that the stakes and abstraction layers are increasing dramatically.

An unused Reserved Instance wastes money. An unused GPU reservation or under-consumed token commitment can waste substantially more, often against units procurement organizations still struggle to model properly. Tokens, inference requests, GPU-hours, context windows, and throughput guarantees are materially harder to reason about than compute instances and storage volumes.

The work itself is not disappearing. The surface area is expanding. That distinction matters. For years, FinOps teams primarily optimized infrastructure consumption. Increasingly, they will be expected to govern economic exposure across infrastructure, AI platforms, APIs, model providers, and long-term capacity agreements simultaneously.

That is a much larger operational discipline than traditional cloud cost management.

The third shift, and possibly the least discussed, is what AI does to traditional SaaS pricing models.

The long-term viability of seat-based pricing becomes increasingly questionable once software agents begin performing meaningful work on behalf of users. If fewer humans are directly interacting with software, charging purely per human seat becomes harder to justify economically.

The market already appears to recognize this.

Gartner’s 2025 research around AI-driven SaaS disruption projected that roughly 40% of enterprise SaaS spending could shift toward usage-based, outcome-based, or agent-driven pricing models by 2030. At the same time, traditional seat-based revenue share is expected to decline materially.

Most incumbent vendors are responding first with what Tropic described as the “AI Tax.” Lower-cost SKUs disappear. AI functionality gets bundled into higher pricing tiers. Customers are pushed upward during renewals, often with meaningful uplifts attached. That strategy may temporarily support revenue growth, but it does not solve the underlying problem.

The value unit itself is changing. Historically, SaaS monetized access. Increasingly, AI-native platforms are monetizing outcomes.

For example, Zendesk introduced outcome-based pricing tied to automated resolutions. Intercom’s Fin platform charges per successful outcome and has experienced extremely rapid growth as customers align spend more directly with measurable business results.

That distinction matters because once software pricing shifts toward outcomes, the billing structures start looking much closer to cloud and AI infrastructure economics:

At that point, FinOps stops being purely about cloud infrastructure. It becomes the operational discipline responsible for governing variable technology economics across the enterprise:

This is also why the FinOps Foundation’s evolution from “cloud financial management” toward broader “technology business value” language matters more than many people realize. The industry itself is expanding beyond infrastructure. The pricing models are forcing it there.

The first generation of FinOps focused heavily on visibility:

Those capabilities still matter, but they are increasingly becoming baseline operational requirements. The larger challenge emerging now is governance across rapidly changing consumption models. Organizations are going to need teams capable of understanding:

That is a materially broader discipline than most enterprises currently staff for.

It is also why this still feels like the beginning.

Cybersecurity eventually became a board-level governance issue because organizations could no longer absorb unmanaged operational risk. And while I believe FinOps appears to be heading toward a similar moment, except the risk is increasingly tied to consumption commitments, utilization mismatches, and variable-cost technology contracts spread across the entire enterprise stack. The organizations that recognize this shift early will build operating models around it.

The others will continue treating FinOps primarily as reporting until the commitment exposure becomes too large to ignore.

If you would like your company included in the Spotlight, contact the CloudXray AI Team

Company: CloudXray AI

Category: Managed Services & Consulting

What They Do: FinOps Consulting & Advisory Services; Owners & maintainers of the single largest FinOps company directory (finops.cloudxray.ai)

Why It Matters: Companies still need guidance on implementing FinOps and understanding the landscape of companies that exist