The widespread adoption of enterprise AI agents is encountering a significant bottleneck, not rooted in the performance of the underlying artificial intelligence models, but rather in the complexities of permissioning. Nearly every agentic workflow eventually confronts the same fundamental challenge: establishing precise control over what data and actions an agent can access, on whose behalf it is acting, and how the system rigorously verifies these parameters.
Workday proposes a solution by integrating its established system of record as the governance framework for these agents. Gerrit Kazmaier, Workday’s president for product and technology, highlighted in an interview with VentureBeat that organizations frequently face difficulties when attempting to assemble bespoke AI agent solutions. He stated, “Sana ensures that the integrity of approvals and the security model are consistently maintained. Frankly, this is where we observe customers struggling when they attempt to develop do-it-yourself AI by merely accessing raw data; the richness of the security model becomes diluted, leading to overly broad and potentially inaccurate results.”
Workday, which introduced Sana in March, has amplified its strategic alliance with Google. This collaboration integrates Sana’s agent system of record into Gemini Enterprise, thereby enabling agents built on the Sana platform to be discoverable within the Gemini Enterprise environment.
Architecting Accuracy for Critical Business Functions
Kazmaier emphasized that the primary obstacle encountered by Workday was ensuring agent accuracy, particularly for users in human resources and finance departments. He remarked, “Being ‘almost right’ is simply unacceptable. Consider the implications of inaccurately compensating employees, failing to accurately close financial books, or unreliably managing work schedules.”
Achieving accuracy in these domains presents a more formidable challenge than in many other AI applications. Policy configurations, role-based security protocols, and intricate organizational hierarchies are deeply intertwined. Even minor discrepancies can lead to significant compounding errors. Furthermore, unlike many generative AI outputs that benefit from a feedback loop for correction, queries in HR and finance often lack such a mechanism. By the time an incorrect paycheck is processed or a scheduling error occurs, the damage is already incurred.
Workday’s approach to this challenge involves leveraging Gemini as its foundational reasoning layer, augmented by its proprietary context engine and business process logic. The system also incorporates sophisticated verification and classification models designed to meticulously scrutinize outputs prior to execution. Kazmaier posits that accuracy and identity are intrinsically linked; the core question is whether the system possesses sufficient understanding of the agent, the authorizing human user, and the current state of the relevant records to execute actions correctly.
A key advantage for Workday lies in its capability to infer organizational structures directly from the data provided by its clients. This is further substantiated by the fact that many third-party identity providers, such as Okta, validate their information by cross-referencing Workday’s data, positioning Workday’s contextual information as the de facto system of record for numerous enterprises. Kazmaier explained that the Sana Self-Service Agent utilizes Gemini as the conversational interface to initiate workflows. Users are then authenticated and authorized through Workday’s robust identity and security framework. Consequently, Sana agents operate strictly on behalf of the authenticated user and within the confines of their established permissions.
Audit trails follow a parallel logic: Gemini retains interaction logs for conversational context, while the primary audit trail, documenting all critical actions and approvals, remains securely within Workday and accessible to the customer. For many professionals in the HR and finance sectors, the robust permissioning and governance layer provided by an agent system of record is paramount, especially within regulated industries. Dan Obendorfer, Director of Product at Würk, commented via email, “It must reside within the system of record; this isn’t a preference, it’s the only viable approach. If your permissions are managed externally from where the actual data resides, you’ve already compromised the integrity of the system.” Similarly, Kadan Stadelmann, CTO and co-founder of Compance.AI, articulated the same principle, stating, “Without clear ownership, performance metrics, cost controls, or defined actions for agents, chaos is inevitable.”
Business Style Takeaway: The integration of AI agents within enterprise workflows necessitates a robust governance layer, emphasizing Workday’s strategy of leveraging its system of record for permissioning and security. This highlights a critical market need for AI solutions that prioritize accuracy and compliance, especially in regulated sectors like HR and finance, ensuring that AI adoption drives efficiency without compromising data integrity or operational risk.
Details can be found on the website : venturebeat.com