The AI agent bottleneck isn’t model performance—it’s permissions



Enterprise AI agents are held back by permissions, not model performance. Every agent workflow eventually hits the same wall: what is this agent allowed to touch, on whose behalf, and how does the system know?

Workday’s answer is to transform its existing logging system into a management layer for agents. Gerrit Kazmaier, the company’s president of product and technology, told VentureBeat in an interview that customers often struggle when putting together solutions for their agents.

“Sana ensures the integrity of the approvals and the security model is always followed,” Kazmaier said. “Frankly, we see customers struggle when they try to build their own AI by just going into raw data, so the richness of the security model is lost and the results are too broad.”

Workday, which launched Sana in March, has expanded its partnership with Google to introduce an agent record system to Gemini Enterprise, so agents built on Sana can also be detected there.

Architectural accuracy

Kazmaier said the biggest hurdle they face is ensuring agent accuracy, especially for HR and finance users.

“Almost true is unacceptable,” Kazmaier said. “Think about paying people the right wages, closing the books, or managing work schedules reliably.”

Accuracy is more difficult to assess here than in most AI contexts. Policy configurations, role-based security, and organizational hierarchies are deeply intertwined, so small errors compound. Unlike most generative AI results, HR and finance surveys don’t often have an adjustment period. Damage is done when a paycheck is mishandled or an interview is misscheduled.

Workday solved this problem by building Gemini as a core reasoning layer, then adding a context engine and workflow logic on top. Workday also added validation and classification models that “query” outputs before execution.

Accuracy and identity are the same question: does the system know enough about the agent, the authorizing person, and the current state of the record to act correctly?

Workday’s advantage is that it can infer the organizational structure of its clients from the information they provide. Third-party identity providers like Okta already verify their data by verifying Workday, so its context is a system of record for many businesses. Kazmaier said Sana uses Gemini as a conversational surface to trigger the Self-Service Agent workflow. The user is then authenticated and authorized through Workday’s identity and security model. Sana agents will only act on behalf of that user and will work within their current permissions.

Audit trails follow the same logic: Gemini keeps only interaction logs, while the main audit remains within Workday and its client.
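
A minimal sketch of the pattern described above, as an added example that is not Workday's or Sana's code: the system of record authorizes each agent action against the delegating user's current permissions and writes the audit entry itself, while a gate that holds a copied permission snapshot outside it keeps allowing an action after the user's role changes. All class names, function names and sample data are hypothetical.

```python
# Added illustration; every name here is hypothetical, not a Workday or Sana API.
from dataclasses import dataclass, field


@dataclass
class SystemOfRecord:
    """Holds the data, the live permission grants and the audit trail together."""
    grants: dict                      # user -> set of (action, resource) pairs
    audit: list = field(default_factory=list)

    def execute(self, agent, on_behalf_of, action, resource):
        # Authorize against the user's permissions as they are right now,
        # not against anything the agent or its chat front end remembers.
        # Unknown users get an empty set, so the default is deny.
        allowed = (action, resource) in self.grants.get(on_behalf_of, set())
        # Every attempt is recorded, allowed or denied, with both identities.
        self.audit.append({"agent": agent, "user": on_behalf_of,
                           "action": action, "resource": resource,
                           "allowed": allowed})
        return allowed


class SnapshotGate:
    """Anti-pattern: permissions copied out of the system of record once."""

    def __init__(self, sor):
        self.copied = {user: set(perms) for user, perms in sor.grants.items()}

    def execute(self, agent, on_behalf_of, action, resource):
        # Decision is made on the copy; no audit entry reaches the record.
        return (action, resource) in self.copied.get(on_behalf_of, set())


def demo():
    # Constructed sample data: one payroll admin who later changes role.
    sor = SystemOfRecord(grants={"dana": {("update", "payroll")}})
    stale = SnapshotGate(sor)
    before = sor.execute("pay-agent", "dana", "update", "payroll")
    sor.grants["dana"] = {("read", "schedule")}   # role change in the record
    live = sor.execute("pay-agent", "dana", "update", "payroll")
    outside = stale.execute("pay-agent", "dana", "update", "payroll")
    return before, live, outside, sor.audit


if __name__ == "__main__":
    before, live, outside, audit = demo()
    print("before change:", before, "| live check:", live, "| snapshot:", outside)
    for entry in audit:
        print(entry)
```

The live check denies the payroll update after the role change and leaves a denied entry in the audit trail; the snapshot gate still allows it and records nothing.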

For many practitioners in HR and finance, the level of authorization and control in an agent record system is fundamental in regulated spaces.

“It has to live in the system of record, it’s not a preference, it’s the only way it works,” Würk product director Dan Obendorfer said in an email to VentureBeat. “If your permissions are set outside of where the data actually lives, you’re already lost.”

Kadan Stadelmann, CTO and co-founder of Compance.AI, echoed the same sentiment. “Without agent ownership, performance, costs, or actions, chaos ensues.”


