An AI cost-management platform is the layer that tracks, allocates, and controls what your organization spends on large-language-model APIs — the OpenAI, Anthropic, Google, and open-model calls that now show up as a real line on the P&L. The confusing part, when you go shopping, is that a dozen tools all describe themselves this way, and they do four genuinely different jobs.
Some of them route traffic to models. Some of them record and analyze what already happened. Some of them allocate the cloud-and-AI bill after it arrives. And a smaller set actually enforces a budget before the call is made. Those are not the same product, and buying the wrong category is the most common mistake we see — a team buys a router when it needs enforcement, or a dashboard when it needs a chargeback.
This guide maps the space by category, gives each tool a fair one-or-two-line take and a "best for," and ends with a checklist you can run against your own requirements. It is a reference, not a ranking — the right tool depends on which of the four jobs you actually have.
Tokenality builds in one of these categories (the spend control plane), and we say so plainly below. We've tried to describe every other tool the way its own users would — because a guide that trashes the competition isn't useful to a buyer, and you'd see through it anyway.
The category map
Before the tools, the four jobs. Almost everything in AI cost management is one of these:
| Category | Core job | The question it answers |
|---|---|---|
| LLM gateways / proxies | Route and access many models through one API | "How do I reach every model reliably?" |
| LLM observability / evals | Record, trace, and evaluate calls | "What did my AI actually do, and was it any good?" |
| Cloud / FinOps cost platforms | Allocate the cloud + AI bill after it lands | "Where did the money go last month?" |
| AI spend control planes | Enforce budgets before the call and attribute spend to people/projects | "Was this call allowed, whose budget is it, and can I prove it?" |
The through-line for the rest of this guide: the first three categories are all about reach, hindsight, or allocation. The fourth is the only one about enforcement — stopping spend before it happens and tying every call to an owner with an audit trail. Most teams need something from more than one box.
LLM gateways and proxies
A gateway sits between your app and the model providers. It gives you one API for many models, plus retries, fallbacks, and often caching and basic spend logging. This is the "reach and reliability" layer.
- LiteLLM — The de-facto open-source proxy: 100+ providers behind one OpenAI-compatible API, self-hostable, with virtual keys, spend tracking, and policy-as-code. Best for: platform teams that want total control and are happy to run and maintain their own infrastructure.
- OpenRouter — A managed, hosted front door to hundreds of models with unified billing and fast setup, no infrastructure to run. Best for: teams that want one API and one invoice across many providers without operating a gateway.
- Portkey — A mature gateway control plane with routing, guardrails, caching, and granular quotas. Portkey was acquired by Palo Alto Networks and the deal closed on May 29, 2026; it now serves as the AI Gateway inside the Prisma AIRS security platform, so its packaging and pricing are shifting toward the enterprise security buyer. Best for: enterprises standardizing on the Palo Alto Networks security stack.
- Vercel AI Gateway — A hosted gateway tightly integrated with the Vercel/Next.js developer stack and the AI SDK. Best for: teams already building on Vercel who want the AI layer to match the rest of their stack.
- Truefoundry — An enterprise AI gateway emphasizing governance, RBAC, virtual models, and flexible (including self-hosted) deployment. Best for: platform teams that need standardization and enterprise deployment options more than pure simplicity.
The honest limit of a gateway for cost control: a gateway can log spend and often set quotas, and some enforce a hard cap. But most gateways are optimized for access and reliability, and their budgeting is a secondary feature — usually per-key or per-model, not per-person or per-project with a chargeback you can hand to finance. If your problem is "reach every model," a gateway is the answer. If your problem is "prove whose budget this was and stop overruns," keep reading.
LLM observability and evals
Observability tools record every call — prompts, responses, tokens, latency, cost — and let you trace, debug, and evaluate quality. This is the "hindsight and quality" layer, and it's indispensable for the engineer tuning a chain.
- Langfuse — The leading open-source LLM observability and evals platform: tracing, prompt management, and eval workflows, self-hostable. Langfuse was acquired by ClickHouse on January 16, 2026; it was already built on ClickHouse, remains committed to open source and self-hosting, and its roadmap continued post-acquisition. Best for: engineering teams that want deep, open-source tracing and evals and don't mind the analytics-vendor ownership.
- Helicone — An open-source observability proxy with logging and analytics. Helicone was acquired by Mintlify (announced March 3, 2026) and is now in maintenance mode — security patches and bug fixes only, per Mintlify's own note, with customers being helped to migrate. Best for: existing users; we'd be cautious about starting a new production dependency on a tool in maintenance mode unless you're prepared to self-host and own it.
- Braintrust — A strong observability-plus-evals platform: production logging, prompt/model experimentation on logged traces, and eval gates that can block a PR when quality drops. Best for: teams that treat eval-driven quality as a first-class part of shipping AI.
The honest limit of observability for cost control: these tools show you cost beautifully, after the call. As Braintrust's own writing puts it, an evals platform doesn't decide who can call a model or cap a team's spend. A dashboard is a record, and application code can rewrite a record — so it's the right tool for debugging and quality, and the wrong tool for enforcement or audit-grade attribution.
Cloud and FinOps cost platforms adding AI
These are the established cloud-cost (FinOps) platforms that have added AI/LLM spend as a first-class source. They pull your AWS/Azure/GCP/Kubernetes bill and your AI token spend into one place and allocate it. This is the "where did the money go" layer, and it's the natural home when AI is one line inside a much larger cloud bill.
- CloudZero — Dimensional cost intelligence that ingests AWS, Azure, GCP, Kubernetes, and AI providers (OpenAI, Anthropic, CoreWeave) and ties cost to products and customers. Best for: organizations that want unit-cost/COGS visibility across cloud and AI in one model.
- Vantage — Reports across 20+ cloud and SaaS providers, ingests OpenAI and Anthropic usage as first-class providers, and adds GPU cost visibility. Best for: teams wanting broad multi-provider cost reporting with AI folded in.
- Amnic — Read-only, agentless FinOps across AWS/Azure/GCP/Kubernetes that tracks LLM token spend in the same model as compute and storage; priced as a small percentage of monitored spend. Best for: FinOps teams that want unified cloud + AI allocation without deploying agents.
- Holori — Focused on AI cost visibility specifically, rather than full cloud unification. Best for: teams that want a lightweight, AI-first cost view.
The honest limit of FinOps for AI: these platforms are excellent at allocation after the fact — reading the bill and slicing it. By design they sit downstream of the spend, so they can tell you the search team spent $4,760 last month; they can't stop the runaway agent at 03:14 tonight, because they aren't in the request path. Allocation and enforcement are different jobs.
AI spend control planes
This is the enforcement category, and it's newer. A spend control plane sits in front of every AI call. It attributes each call to a person or project, enforces a hard budget before the provider is ever reached, and keeps an audit trail you can defend. It overlaps a gateway (it's in the request path) but its job is governance, not reach. For a fuller definition, see what is an AI spend control plane.
- Speakeasy — Published a well-regarded reference architecture defining the "AI control plane" in April 2026, with executable policy enforcement at the point of use, real-time PII/exfiltration blocking, and scoped access with centrally managed credentials. Best for: enterprises governing employee AI-tool sprawl (Claude, ChatGPT, Cursor, Copilot) across the org.
- Dedicated FinOps-for-LLM tooling — A handful of newer entrants position specifically around enforcing LLM budgets rather than just reporting them. This is an emerging sub-segment; evaluate any such tool on whether enforcement happens before the call and whether attribution is per-person/project, not just per-key. Best for: teams whose single biggest pain is runaway LLM spend.
- Tokenality — A spend control plane built around Virtual AI Keys (
tk_live_…) with hard caps enforced before the call: when a key or project hits its budget, the next request returns HTTP 402 and never reaches the provider. Every call is attributed on five dimensions (who, how much, why, where, when) into a Token Ledger, with a fail-closed PII mode, an append-only audit trail enforced at the database role level, a compliance evidence pack mapped to four frameworks (SOC 2, ISO 27001, ISO 42001, NIST AI RMF), and chargeback/GL push for finance. It runs as a governed proxy in front of any provider (native for Anthropic; others via the proxy) and deploys in about 30 minutes. Best for: finance, platform, and security teams that need to cap, attribute, and prove AI spend — not just watch it.
Comparison at a glance
One row per tool. "Enforces budgets before the call?" means: when a budget is exhausted, is the next call blocked at the gateway — not merely alerted on after the money is spent?
| Tool | Category | Best for | Enforces budgets before the call? | Open source? |
|---|---|---|---|---|
| LiteLLM | Gateway / proxy | Self-hosted control | Partial (per-key quotas) | Yes |
| OpenRouter | Gateway / proxy | One API, one invoice | Prepaid credit limits | No |
| Portkey (Palo Alto Networks) | Gateway / proxy | PANW security stack | Yes (quotas) | Core historically OSS; now in Prisma AIRS |
| Vercel AI Gateway | Gateway / proxy | Vercel-native teams | Limits, not hard team caps | No |
| Truefoundry | Gateway / proxy | Enterprise governance | Yes (RBAC + quotas) | No |
| Langfuse (ClickHouse) | Observability / evals | Deep tracing + evals | No (records, doesn't block) | Yes |
| Helicone (Mintlify) | Observability / evals | Existing users (maintenance mode) | No | Yes |
| Braintrust | Observability / evals | Eval-driven quality | No | No |
| CloudZero | Cloud / FinOps | Unit-cost across cloud + AI | No (allocates after the bill) | No |
| Vantage | Cloud / FinOps | Broad multi-provider reporting | No | No |
| Amnic | Cloud / FinOps | Agentless unified FinOps | No | No |
| Holori | Cloud / FinOps | AI-first cost visibility | No | No |
| Speakeasy | Spend control plane | Employee AI-tool governance | Yes (policy enforcement) | Reference architecture / commercial |
| Tokenality | Spend control plane | Cap + attribute + prove spend | Yes (HTTP 402 before the call) | Source-available (proprietary) |
Categories are approximate and capabilities move fast — treat this as a starting map, not a spec sheet. Verify current features and pricing directly with each vendor, especially the four tools that changed hands in the last two quarters.
The one distinction that decides your category
If you strip everything else away, one question sorts the field:
When a budget is exhausted, does the next call get blocked — or just logged?
- Gateways give you reach. Some enforce quotas; most treat budgeting as secondary to access and reliability.
- Observability gives you hindsight. It shows spend perfectly, after the fact — it does not stop it.
- FinOps gives you allocation. It reads the bill and slices it; it isn't in the request path.
- A spend control plane gives you enforcement. It stops the call before the money is gone, attributes it to an owner, and keeps a record you can hand an auditor.
Most organizations need something from two boxes: an observability tool for the engineers and a control plane for the dollar (and often a FinOps platform if AI is a small slice of a big cloud bill). That's a feature, not a contradiction — they do different jobs.
How to choose: a checklist
Run these against your own situation. Your answers point you to a category, not a brand.
- What's the actual pain? "Reach more models" → gateway. "Debug/eval quality" → observability. "Allocate the cloud bill" → FinOps. "Stop overspend and prove who spent it" → spend control plane.
- Do you need enforcement or reporting? If a blown budget must block the next call, only a gateway-with-hard-caps or a control plane qualifies. Reporting tools won't.
- What's the unit of attribution? Per-key is easy; per-person and per-project with a chargeback finance can reconcile is the harder, more useful bar.
- Is an audit trail required? If an auditor or customer will ask for an immutable record of who spent what on which model, you need append-only storage, not a mutable dashboard.
- Buy or self-host? Open-source (LiteLLM, Langfuse) means control and maintenance burden; managed means speed and a vendor dependency. Weigh acquisitions — a tool in maintenance mode (Helicone) is a self-host-and-own decision.
- How stable is the vendor? Four tools here changed hands in two quarters. Confirm roadmap, pricing, and support commitments before you build a production dependency.
- Does it map to your chart of accounts? Cost data you can't push to the GL is a report, not governance. Look for chargeback/showback that reconciles to the provider invoice.
- Compliance scope? If you carry SOC 2 / ISO 27001 / ISO 42001 / NIST AI RMF obligations, a continuous evidence pack beats assembling proof by hand at audit time.
Where to go from here
If you landed on "I need to cap, attribute, and prove AI spend," that's the spend-control-plane box — and the fastest way to feel the difference is to watch a call get attributed, hit a cap, and get denied with a 402 before it costs anything.
- Run your last provider invoice through the free, no-key AI Spend Audit to see before/after attribution in the browser.
- Read what is an AI spend control plane and AI cost attribution for the mechanics.
- Compare head-to-head at the comparisons hub, price a workload with the LLM cost calculator and LLM pricing reference, or look up a term in the glossary.
- When you want to see it live, book a demo.
Ten tools, four jobs. Pick the box that matches your pain, then pick the tool. Every token counts.