Idle GPUs, Ghost Accounts, and the 11,200 Dollar Audit

A twenty-three-person AI agency in Phoenix discovered during a routine audit that they were paying for GPU cloud instances that had been running, unused, for four months after a client project ended. The total wasted spend was $11,200. In the same audit, they found that three former employees still had active accounts on client-facing tools, two company laptops were unaccounted for, and nobody could locate the external hard drive containing the backup of a former client's training data that the contract required the agency to retain for two years.

None of these issues was catastrophic individually. But collectively, they painted a picture of an agency that did not track its assets, digital or physical, with any discipline. The wasted cloud spend was money thrown away. The orphaned accounts were security vulnerabilities. The missing hardware represented both financial loss and data risk. And the missing backup was a potential contractual breach.

Asset management sounds like something only large enterprises need to worry about. But AI agencies, even small ones, manage a surprising amount of assets: hardware, software licenses, cloud resources, API keys, client data, intellectual property, and digital resources. Without a system to track them, things get lost, money gets wasted, and risks accumulate quietly.

What Counts as an Asset in an AI Agency

The first step in asset management is defining what you need to track. For an AI agency, assets fall into several categories.

Physical hardware:

• Laptops and workstations issued to employees
• Monitors, peripherals, and accessories
• GPU servers or workstations (if you have on-premise compute)
• Networking equipment (routers, switches, access points)
• External storage devices

Software licenses:

• Per-seat SaaS subscriptions (design tools, development tools, PM tools)
• Per-use licenses (API access, compute credits)
• Enterprise licenses tied to the agency's account
• Open-source tools with commercial use restrictions

Cloud resources:

• Compute instances (VMs, containers, serverless functions)
• Storage buckets and databases
• Networking resources (load balancers, VPNs, DNS)
• Machine learning specific resources (training jobs, endpoints, notebooks)

Digital resources:

• Domain names
• SSL certificates
• API keys and credentials
• Code signing certificates
• Social media accounts

Intellectual property:

• Proprietary frameworks, tools, and libraries developed by the agency
• Reusable templates and playbooks
• Training materials and documentation
• Brand assets (logos, design systems, marketing materials)

Client-related assets:

• Client data in the agency's possession
• Model artifacts developed for clients
• Access credentials for client systems
• Documentation and deliverables

Building an Asset Inventory

You cannot manage what you do not inventory. Create a central asset register that tracks every significant asset.

For each asset, record:

• Asset ID: A unique identifier
• Category: Hardware, software, cloud, digital, IP, or client-related
• Description: What is it?
• Owner: Who is responsible for this asset?
• User: Who is currently using it? (May be different from the owner)
• Location: Where is it physically or logically? (Office, employee home, cloud region, client environment)
• Acquisition date: When was it acquired?
• Cost: Purchase price or recurring cost
• Status: Active, retired, lost, or decommissioned
• Expiration or renewal date: When does the license expire, the lease end, or the resource need renewal?
• Associated project: Which client or internal project is this asset tied to?

Start with high-value and high-risk assets. You do not need to track every USB cable. Focus first on assets that are expensive (laptops, cloud resources), risky (credentials, client data), or contractually significant (client data backups, licensed software).

Use a simple tool. A well-organized spreadsheet works for agencies under thirty people. For larger agencies, consider a lightweight asset management tool (Snipe-IT for hardware, a Notion database for digital assets, or a purpose-built solution like Asset Panda).

Hardware Asset Management

Issue hardware through a documented process. When a new employee receives a laptop, record the device model, serial number, assigned user, and issue date. Have the employee sign an acknowledgment.

Configure devices before issuing them. Every device should have disk encryption enabled, endpoint protection installed, and a standard set of development tools pre-configured. This is both a security measure and a productivity accelerator.

Track hardware throughout its lifecycle. When an employee leaves, hardware should be returned, wiped, and either reissued or retired. Add a hardware return step to your offboarding checklist.

Set a replacement schedule. Laptops typically have a useful life of three to four years for engineering work. Budget for replacements on a rolling schedule so you are not surprised by a wave of failing machines.

Handle remote equipment. If your team is distributed, maintain shipping records for equipment sent to remote employees. Include return shipping instructions and labels in the offboarding package.

Software License Management

Centralize license purchasing. All software subscriptions should be purchased through a single agency account, not individual employee accounts. This ensures the agency owns the licenses and can transfer or cancel them when people leave.

Track license utilization. Many agencies pay for more licenses than they use. Quarterly, review each subscription and check how many seats are active versus how many are assigned. Cancel or downgrade unused seats.

Manage license renewals proactively. Set calendar reminders for thirty days before each renewal date. This gives you time to evaluate whether the tool is still needed, negotiate the renewal price, or find a replacement.

Reclaim licenses during offboarding. When an employee leaves, their licenses should be immediately reassigned or canceled. Add license reclamation to the offboarding checklist.

Track open-source license compliance. If your agency uses open-source libraries with copyleft or attribution requirements, track those requirements and ensure compliance in your deliverables. A client discovering a GPL violation in code you delivered is a serious legal and reputational risk.

Cloud Resource Management

Cloud resources are one of the easiest assets to lose track of and one of the most expensive when unmanaged.

Tag every cloud resource. Use a consistent tagging scheme that identifies the project, client, team, and purpose of every resource. Tags enable you to filter billing by project, identify orphaned resources, and allocate costs accurately.

Standard tags:

• Project: the client project name or internal project
• Team: the team responsible
• Environment: production, staging, development
• Owner: the person who created or manages the resource
• Expiry: the date the resource should be reviewed for decommission

Set up billing alerts. Configure alerts when spending in any account or project exceeds expected thresholds. A spending spike often indicates a misconfigured resource, a forgotten instance, or unauthorized usage.

Review cloud resources monthly. As part of your monthly operations review, scan for resources that are running but unused: idle VMs, unattached storage volumes, orphaned snapshots, and forgotten endpoints. Decommission anything that is no longer needed.

Automate resource lifecycle management. For development environments, set up auto-shutdown schedules that stop instances outside of business hours. For training jobs, configure auto-termination after completion. These automations prevent the "left running over the weekend" waste that accumulates quickly.

Separate accounts by client. If possible, use separate cloud accounts or projects for different clients. This isolates billing, access, and data, making it easier to manage resources, control costs, and comply with client data requirements.

Credential and API Key Management

Credentials are a special category of digital asset that requires extra vigilance because of their security implications.

Use a centralized secrets manager. Store all API keys, database credentials, and service account tokens in a dedicated secrets management system (AWS Secrets Manager, HashiCorp Vault, 1Password Teams). Never store credentials in documents, spreadsheets, or Slack messages.

Rotate credentials on a schedule. API keys and passwords should be rotated at least quarterly, and immediately when a team member with access leaves the agency.

Track credential ownership. For every credential, document who created it, who has access, what it grants access to, and when it was last rotated. This inventory is critical for security audits and incident response.

Revoke access promptly during offboarding. Within twenty-four hours of an employee's departure, revoke their access to all internal systems, client systems, cloud accounts, and shared credentials. This is the single most time-sensitive step in offboarding.

Client Data Asset Management

Client data is the highest-risk asset category for an AI agency. Mismanagement can result in contractual breaches, regulatory penalties, and relationship damage.

Maintain a data inventory per client. For each client, document what data you hold, where it is stored, who has access, and when it should be deleted.

Follow data retention requirements. Your contracts likely specify how long you can retain client data after the engagement ends. Track these deadlines and delete data on schedule. Document the deletion for your records.

Separate client data from agency data. Client data should be stored in isolated environments, not commingled with your agency's internal data or other clients' data. This isolation simplifies access control, backup, and deletion.

Handle data transfer securely. When clients provide data, use encrypted transfer methods. When you return data to clients, use the same standard. Document every data transfer with date, method, and contents.

Intellectual Property Asset Management

Your agency's IP is a strategic asset that deserves active management.

Inventory reusable components. If your team has built frameworks, libraries, utilities, or templates that can be used across projects, catalog them. Include documentation, version information, and usage guidelines.

Clarify IP ownership in contracts. Your SOW should specify who owns the code, models, and other artifacts created during the engagement. Typically, client-specific deliverables are owned by the client, while general-purpose tools and frameworks built by the agency remain the agency's property. Clear ownership prevents disputes.

Protect proprietary assets. If your agency has developed genuinely proprietary methods, tools, or approaches, consider whether they warrant formal IP protection (patents, trade secrets, or copyrights). At minimum, ensure that employee and contractor agreements include IP assignment clauses.

Maintain your template and playbook library. Your documentation templates, process playbooks, and delivery frameworks are intellectual property. Keep them versioned, updated, and accessible to the team.

The Asset Management Lifecycle

Assets move through a lifecycle: acquisition, deployment, use, maintenance, and retirement. Manage each phase.

Acquisition: Record the asset in the inventory when it is purchased, provisioned, or created. Include cost, owner, and purpose.

Deployment: Assign the asset to a user or project. Update the inventory with the assignment.

Use: Monitor the asset for utilization, performance, and compliance. Ensure it is serving its intended purpose.

Maintenance: Keep the asset current. Update software, renew licenses, patch security vulnerabilities, and replace aging hardware.

Retirement: When the asset is no longer needed, decommission it properly. For hardware, wipe data and recycle or donate the device. For cloud resources, delete them and verify the billing stops. For credentials, revoke them. For client data, delete it according to the retention policy. Update the inventory to reflect the retirement.

Your Next Step

Start with your most expensive and highest-risk assets: cloud resources and software licenses.

This week, run a cloud billing review for the last three months. Look for resources that are running but not tied to an active project. Tag and decommission anything that is wasted.

This month, create an inventory of all software subscriptions. Compare the number of active licenses to the number of people who actually use each tool. Cancel or downgrade unused seats.

This quarter, build a complete asset register covering hardware, cloud resources, software licenses, credentials, and client data. Assign ownership for each category and establish a quarterly review cadence.

Asset management is not glamorous work. But the agency that knows where its resources are, what they cost, and who is responsible for them operates with a level of efficiency and security that compounds over time. Every dollar saved on wasted licenses and orphaned cloud instances is a dollar that goes to profit or reinvestment. Every credential tracked and rotated is a security incident prevented. Start the inventory this week.