Same $1,500, Two Worlds: Uber Caps AI Tool Costs, Dev Tests LLM Security
Uber caps AI coding tools at $1,500/month per engineer while a security researcher spends $1,500 testing if LLMs can hack. The same number tells you everything about where AI tools stand today.
Jun 4, 2026 · 4 min read
Key Takeaways
The same number, $1,500, is being used by two different worlds to answer the same question: Is the AI tool worth the price?
On one side, Uber is capping its engineers' AI coding tool spending at $1,500/month per tool (exclusively reported by Bloomberg, analyzed in depth by Simon Willison). On the other side, security researcher Kasra spent $1,500 on a brutal experiment -- asking mainstream LLMs to hack a deliberately vulnerable app he built. One $1,500 is a corporate procurement ceiling, the other is a developer's real cost of testing AI security capabilities. Two adjacent HN front-page posts (558 pts + 317 pts) reveal two sides of the same answer.
Uber's $1,500 Cap: A Watershed Moment for AI Tool Pricing
On June 3, Bloomberg reported that Uber had blown through its 2026 AI budget in just four months. The rideshare giant is now enforcing a $1,500/month spending cap per AI coding tool for all employees. An Uber spokesperson confirmed the policy.
Simon Willison broke down the math: assuming two actively used tools per engineer, that's $3,000/month cap, or $36,000 annualized. Uber's median engineer total compensation is roughly $320,000 (including equity), meaning each engineer's AI tooling cap represents about 11% of that.
More revealing is Willison's self-comparison: he personally spends about $1,000/month across Anthropic and OpenAI APIs, but thanks to subsidized personal plans, he only pays $100. If he worked at Uber, the $1,500 cap would still leave him about $500 of headroom for each tool.
This data point matters because it's the first time a Fortune 500 company has publicly disclosed its AI tool procurement cost structure -- not estimates, but official policy numbers.

The $1,500 Hack Experiment: Can AI Really Do Penetration Testing?
That same day, independent security researcher Kasra shared his $1,500 experiment on HN: asking various LLMs to hack a deliberately vulnerable React Native + Python app he built.
The setup was straightforward: a book review app with backdoors, where the goal was to find a secret flag hidden in a user's private reviews. Kasra fed the challenge description and APK to different models and tracked their performance:
10 full runs per model (ranked by success rate):
- Claude Code -- 9/10, fastest to find the flag, best at understanding app architecture and finding backdoor entry points
- GPT-5.5 -- 7/10, strong reasoning but sometimes over-analyzes and takes detours
- Gemini 2.5 Pro -- 5/10, can identify vulnerability patterns but misses execution steps
- Claude 4.5 Sonnet -- 5/10, similar performance to Gemini
- DeepSeek V4 -- 4/10, sufficient reasoning depth but less flexible tool use
Partially tested models:
- Claude Opus 4.7 -- Excelled in complex chained attack scenarios across 25 runs
- Cursor Agent -- Good at code-level vulnerability discovery but lacks global attack path planning
- Codex -- High automation but easily lost direction without explicit guidance
Kasra's conclusion is pragmatic: current mainstream LLMs demonstrate considerable capability in structured penetration testing, but they're still far from replacing professional security researchers. Even the best performer, Claude Code, failed 1 out of 10 times, and all models struggled with non-standard vulnerability chains.

Side-by-Side: Two Interpretations of $1,500
| Dimension | Uber Cost Cap | Kasra Security Test |
|---|---|---|
| $1,500 role | Monthly limit (procurement) | Experiment cost (investment) |
| Core question | Is $1,500/month for AI worth it? | Is $1,500 to test AI security worth it? |
| Answer | 11% of comp is a reasonable ceiling | AI can do structured attacks but isn't fully trustworthy |
| Perspective | CFO: control spending | CISO: assess risk |
| Data source | Uber confirmed policy | Full experiment data open |
| For readers | Know if you're overpaying | Know how much to trust |
HN Community Reaction
Both threads generated nearly 900 combined comments, showing intense community interest.
Top consensus on Uber cap thread:
- Many users noted $1,500/month/tool is actually generous -- individual developers rarely spend that much on API tokens
- Some questioned the "11% of comp" calculation since equity shouldn't count as cash expenditure
- Several argued the "cap + free choice" model is better than blanket bans, encouraging engineers to pick the right tools within budget
Top consensus on AI security thread:
- Security community broadly认可 Kasra's experiment design, noting "building a real vulnerable app" is more convincing than using CTF challenges
- Multiple professional security researchers commented: LLMs help find logic flaws but can't replace deep human understanding of business logic
- A recurring theme: "AI lowers the barrier to entry for pentesting, but expert-level security analysis becomes more valuable, not less"
Practical Takeaways
-
Enterprise buyers: $1,500/month/tool is a reasonable benchmark for AI coding tool budgets. See the GitHub Copilot Pricing Guide 2026 for real cost comparisons.
-
Security leaders: Claude Code's 90% success rate in penetration testing means AI Agent security boundaries are being breached fast. Set up security sandboxes now with the AI Coding Agent Security Guide.
-
Indie developers: Claude Code + Claude 4.5 Sonnet covers daily coding and security checks for about $200/month. For model selection help, see the AI Coding Agent Comparison Guide.
Next Steps
Learn the method: AI Coding Agent Security Configuration Tutorial
See it in action: Run 70B Models Locally with Intel AutoRound
Monetization angle
How can you make money from this trend?
WayToClawEarn focuses on verified earn playbooks—not just news. Start from these cases.
n8n + OpenAI affiliate site
Automate content and affiliate monetization
Claude + n8n automation agency
Charge monthly for agent workflow builds