The bottleneck of AI agents is not model performance, but permissions



Enterprise AI agents are stalling, not because of model performance, but because of permission granting. Every agent workflow eventually hits the same wall: what can this agent touch, on whose behalf, and how does the system know?

Workday’s answer is to make its existing system of record the governance layer for agents. Gerrit Kazmaier, the company’s president of products and technology, told VentureBeat in an interview that clients often struggle when cobbling together solutions for their agents.

“Sana ensures that the integrity of the approvals and the security model are always respected,” Kazmaier said. “Frankly, that’s where we see customers struggle when they try to create AI that they can do themselves just by accessing raw data, so the richness of the security model is lost and the results become too broad.”

Workday, which launched Sana in March, expanded its partnership with Google to bring its Sana agent registration system to the Gemini Company, so agents built in Sana can also be found there.

Architectural precision

Kazmaier said the biggest hurdle they faced was ensuring agent accuracy, especially for HR and finance users.

“Almost right is not acceptable,” Kazmaier said. “Think about paying people correctly, closing the books, or managing work schedules reliably.”

Accuracy is harder to assess here than in most AI contexts. Policy configurations, role-based security, and organizational hierarchies are deeply intertwined, so small mistakes add up. And unlike most generative AI outputs, HR and finance queries often lack a remediation cycle. When a paycheck is processed incorrectly or an interview is poorly scheduled, the damage has already been done.

Workday addressed this by using Gemini as its base reasoning layer and then adding its context engine and business process logic on top. Workday also added verification and classification models that “interrogate” results before execution.

It turns out that accuracy and identity are the same question: Does the system know enough about the agent, the authorizing human, and the current state of the record to act correctly?

Workday’s advantage is that it can infer its clients’ organizational structures from the data they provide. Third-party identity providers like Okta already verify information by querying Workday, so its context is the system of record for many companies. Kazmaier said Sana’s self-service agent uses Gemini as a conversation surface to activate a workflow. The user is then authenticated and authorized through Workday’s identity and security model. Sana agents will only act on behalf of that user and will work within their current permissions.

Audit logs follow the same logic: Gemini retains only the interaction logs, while the primary audit remains within Workday and its client.

For many HR and finance professionals, the permission and governance layer in the agent registration system is key in regulated spaces.

“It has to live in the system of record, that’s not a preference, that’s the only way it works,” Dan Obendorfer, Würk’s chief product officer, said in an email to VentureBeat. “If your permissions are defined somewhere outside of where the data actually resides, you’re already lost.”

Kadan Stadelmann, CTO and co-founder of Compance.AI, made the same comment separately. “Without agent ownership, performance, costs or actions, chaos ensues.”


