The Hidden Cost of Building AI Authorization In-House

Every engineering team that deploys AI agents eventually asks the question: should we build our own authorization system or buy one? The initial analysis usually favors building. "We already have an auth system. We just need to extend it. How hard can it be?"

The answer is: harder than you think, more expensive than you expect, and never actually finished. This post breaks down the real costs, drawing on conversations with teams that built their own AI authorization and teams that eventually stopped.

The Deceptively Simple Starting Point

The first version takes about two weeks. A middleware that intercepts tool calls, checks a permission table, and logs the result. It works for the demo. It handles the initial use case. The team is proud of it. It cost maybe 80 engineering hours.

Then the requirements start accumulating.

Cost 1: Risk Scoring (4-8 Weeks)

Binary allow/deny is not sufficient for AI agents. A $100 transfer and a $100,000 transfer should not have the same authorization outcome. The team needs risk scoring.

Risk scoring requires defining risk dimensions, implementing scoring functions for each dimension, calibrating weights for different domains, and testing that the scores produce reasonable outcomes. It requires understanding what "reasonable" means, which requires domain expertise that the engineering team may not have.

The first version of risk scoring takes 4-8 weeks of senior engineering time. It handles one domain (whatever the team's first use case is). Every subsequent domain requires additional calibration work.

Estimated cost: 160-320 engineering hours for the first domain, 40-80 hours per additional domain.

Cost 2: Intent Classification (3-6 Weeks)

Checking permissions against API endpoints is not enough. The authorization system needs to understand what the agent is trying to do. "POST /api/orders" could be a $50 test order or a $50,000 production order. The system needs to classify the intent by extracting parameters, mapping them to semantic categories, and evaluating them in context.

Intent classification requires a taxonomy of intents (which requires domain analysis), extraction logic for each tool or API (which requires integration work for every tool), and mapping rules that connect raw actions to intent categories.

Intended's canonical taxonomy (the Intended Intent Registry) contains over 300 intents across 14 domains. Building an equivalent taxonomy from scratch takes months. Most teams build an ad-hoc classification that covers their immediate needs and accumulates technical debt as new use cases arise.

Estimated cost: 120-240 engineering hours for initial implementation, ongoing maintenance as tools and APIs change.

Cost 3: Audit Trail With Integrity (4-6 Weeks)

A log table in PostgreSQL is not an audit trail that satisfies compliance requirements. Auditors want immutable records that cannot be modified by database administrators. They want cryptographic integrity guarantees. They want independent verification capability.

Building a proper audit trail requires implementing a hash-linked chain structure, integrating cryptographic signing (key management, rotation, HSM integration), building export capabilities for compliance reporting, and ensuring that the storage layer enforces append-only semantics.

Most teams start with a log table and tell themselves they will add integrity guarantees later. Later never comes until an auditor asks for it, at which point it is an emergency project with a deadline.

Estimated cost: 160-240 engineering hours, plus ongoing operational cost for key management.

Cost 4: Escalation Workflows (3-5 Weeks)

Allow and deny are not the only outcomes. High-risk actions need human review. Building escalation workflows requires a queue for held actions, notification integrations (Slack, email, PagerDuty), an approval interface, timeout handling, delegation logic, and multi-party approval support.

The first version (single-approver, Slack notification, simple timeout) takes about 3 weeks. Multi-party approval, delegation chains, and conditional approval add another 2-3 weeks each.

Every team underestimates the edge cases in escalation workflows. What happens when the approver's Slack is down? What happens when two approvers respond simultaneously? What happens when the action expires while the approver is typing their response? Each edge case is a bug report and a fix cycle.

Estimated cost: 120-200 engineering hours for a production-quality implementation.

Cost 5: Performance Engineering (2-4 Weeks)

An authorization check that adds 500ms to every agent action is an authorization check that gets bypassed. The system needs to be fast. For AI agents making dozens of tool calls per minute, sub-50ms p99 is the target.

Achieving sub-50ms requires local policy caching, efficient data structures for policy evaluation, in-memory velocity counters, and careful elimination of external I/O from the hot path. Most teams' first implementation does a database query on every evaluation. Optimizing to sub-50ms requires a rewrite of the evaluation path.

Estimated cost: 80-160 engineering hours for performance optimization.

Cost 6: Ongoing Maintenance (Continuous)

The authorization system is never finished. New tools require new intent classifications. New domains require new risk models. Policy changes require testing and deployment. Security vulnerabilities in dependencies require patching. Performance regressions require investigation.

A dedicated authorization system requires at least 0.5 FTE of ongoing maintenance. For larger deployments with multiple domains, 1-2 FTE is common. This is maintenance, not feature development. It is the cost of keeping the system running and up to date.

Estimated cost: 1000-4000 engineering hours per year.

Cost 7: Compliance Gaps (Unknown Until Discovered)

The most expensive cost is the one you do not see until an audit. A home-built authorization system has gaps that the team does not know about because they are not compliance experts. The audit trail does not meet SOC 2 requirements. The key management does not follow NIST guidelines. The policy evaluation does not handle edge cases that a PCI auditor checks for.

These gaps are discovered during audits, customer security reviews, or incidents. The cost to remediate them includes the engineering hours to fix the gaps plus the business cost of delayed deals, failed audits, or regulatory actions.

Estimated cost: impossible to predict, potentially very high.

The Total

Adding up the implementation costs: risk scoring (160-320 hours), intent classification (120-240 hours), audit trail (160-240 hours), escalation workflows (120-200 hours), performance engineering (80-160 hours). Total initial implementation: 640-1160 engineering hours.

At a fully-loaded engineering cost of $150 per hour, that is $96,000 to $174,000 in engineering time for the initial build. Plus $150,000 to $600,000 per year in ongoing maintenance. Plus unknown remediation costs for compliance gaps.

And you still do not have: domain packs validated across multiple organizations, a canonical intent taxonomy covering 14 domains, cryptographic proof that satisfies independent auditors, sub-50ms p99 latency tested at scale, or a dedicated team whose only job is making AI authorization better.

The Alternative

A purpose-built AI authority runtime like Intended provides all of the above out of the box. The integration cost is measured in hours, not months. The ongoing maintenance is handled by a dedicated team. The compliance posture is validated and continuously updated. The performance is engineered and benchmarked.

The buy decision is not about whether your team can build it. Of course they can. Your team is talented. The question is whether building AI authorization is the best use of their talent. Every hour spent on authorization infrastructure is an hour not spent on your core product, your customers, or the AI agent capabilities that differentiate your business.

Build the things that make your product unique. Buy the things that everyone needs.