The AI agent bottleneck isn't model performance — it's permissions

Enterprise AI agents are stalling – not because of model performance, but because of permissions. Every agentic workflow ultimately hits the same wall: What is this agent allowed to touch, on whose behalf, and how does the system know?

Workday’s answer is to make its existing system of record the governance layer for agents. Gerrit Kazmaier, the company’s president for product and technology, told VentureBeat in an interview that customers often struggle when putting together solutions for their agents.

“Sana ensures that the integrity of the approval and security model is always adhered to,” Kazmaier said. “Frankly, this is where we see customers struggle when they try to build do-it-yourself AI by just accessing the raw data, so the richness of the security model is lost, and the results become overly broad.”

Workday, which launched Sana in March, expanded its partnership with Google to bring its Sana agent system to Gemini Enterprise — so agents built on Sana can also be discovered there.

Architectural accuracy

Kazmaier said the biggest hurdle he faced was ensuring agent accuracy, especially for HR and finance users.

“Almost perfect is not acceptable,” Kazmaier said. “Think about paying people accurately, closing books or managing work schedules reliably.”

Accuracy is harder to evaluate here than in most AI contexts. Policy configuration, role-based security, and organizational hierarchy are deeply interconnected, so a small error compounds. And unlike most generative AI outputs, HR and finance questions often lack improvement loops. By the time a paycheck is processed incorrectly or an interview is scheduled incorrectly, the damage has already been done.

Workday addressed this by building on Gemini as its base logic layer, then adding its context engine and business process logic on top. Workday also added validation and classification models that “interrogate” the output before execution.

Accuracy and identity come down to the same question: Does the system know enough about the agent, the authorized human, and the current state of the record to function correctly?

Workday’s advantage is that it can predict its customers’ organizational structures from the data they provide. Already, third-party identity providers like Okta verify their information by checking with Workday, so it’s the system of record for many enterprises. Kazmaier said Sana uses Gemini as a conversational surface to trigger self-service agent workflows. The user is then authenticated and authorized through Workday’s identity and security model. Sana agents will act only on behalf of that user and will operate within their current permissions.

Audit trails follow the same logic: Gemini only keeps interaction logs, while the main audit remains within Workday and its client.

For many professionals in HR and finance, having the permissions and governance layer for agents in the system of record is important in regulated locations.

“It has to stay in the system of record, it’s not a priority, it’s the only way it works,” said Dan Obendorfer, director of product at Wurk, in an email to VentureBeat. “If your permissions are defined somewhere outside of where the data actually resides, you’ve already lost.”

Kadan Stadelman, chief technology officer and co-founder of Compance.AI, said the same thing separately. “Without agent ownership, performance, costs, or actions, chaos ensues.”


