The Core Shift: From Model Performance to Permissions
The prevailing narrative in enterprise AI has been that model performance—accuracy, latency, reasoning—is the primary bottleneck to agent adoption. Workday's launch of Sana in March 2026, and its expanded partnership with Google to bring the agent system of record to Gemini Enterprise, reveals a different truth: the real bottleneck is permissions. Every agentic workflow eventually hits the same wall: what is this agent allowed to touch, on whose behalf, and how does the system know?
Gerrit Kazmaier, Workday's president for product and technology, told VentureBeat that customers often struggle when they cobble together solutions for their agents. “Sana makes sure the integrity of the approvals and security model is always adhered to,” he said. “Frankly, that’s where we see customers struggling when they try to build do-it-yourself AI by just accessing raw data, so the richness of the security model gets lost, and the results become overly broad.”
This insight reframes the enterprise AI battleground. The winners will not be those with the best foundation model, but those who can embed governance, identity, and business logic into the agent's operating system. Workday's advantage is that it already serves as the system of record for HR and finance data for thousands of enterprises. By making that system the governance layer for agents, Workday is creating a moat that pure-play AI vendors cannot easily replicate.
Architecting Accuracy: Why Almost Right Is Not Acceptable
Kazmaier emphasized that accuracy is the biggest hurdle, especially for HR and finance users. “Almost right is not acceptable,” he said. “Think about paying people correctly, closing the books or managing work schedules reliably.” In these domains, errors compound quickly. A small misconfiguration in role-based security or organizational hierarchy can lead to incorrect paychecks or unauthorized access to sensitive data. Unlike generative AI outputs that can be corrected after the fact, HR and finance actions often lack a correction loop—by the time a paycheck processes incorrectly, the damage is done.
Workday addressed this by building on Google Gemini as its base reasoning layer, then adding its context engine and business process logic on top. Crucially, Workday also added verification and classification models that “interrogate” outputs before execution. This multi-layered approach ensures that the agent not only understands the request but also verifies that the action is permissible within the customer's security model. Accuracy and identity, it turns out, are the same question: does the system know enough about the agent, the authorizing human, and the current state of the record to act correctly?
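The three-part question above (agent, authorizing human, record state) can be made concrete as a deny-by-default gate that sits in front of every agent action and logs each decision. This is an added illustration, not Workday's or Sana's code; the role table, the `Gate` and `Record` classes, the scope tuples and all sample values are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed role model (hypothetical): role -> allowed (action, record kind).
ROLE_PERMS = {
    "employee": {("read", "own_payslip"), ("create", "leave_request")},
    "payroll_admin": {("read", "own_payslip"), ("update", "pay_rate")},
}

@dataclass
class Record:
    kind: str
    owner: str
    version: int
    locked: bool = False  # e.g. the pay period is already closed

@dataclass
class Gate:
    audit: list = field(default_factory=list)  # every decision is recorded

    def authorize(self, agent_scopes, user, role, action, record, seen_version):
        """Allow only if agent scope, human role and record state all agree."""
        perm = (action, record.kind)
        if perm not in agent_scopes:
            decision = "deny:agent_scope"      # agent was never granted this
        elif perm not in ROLE_PERMS.get(role, set()):
            decision = "deny:user_role"        # human could not do it either
        elif record.kind.startswith("own_") and record.owner != user:
            decision = "deny:not_owner"        # "own" records are per-person
        elif record.locked or record.version != seen_version:
            decision = "deny:stale_or_locked"  # agent reasoned over old state
        else:
            decision = "allow"
        self.audit.append((user, action, record.kind, decision))
        return decision == "allow"

def demo():
    """Run constructed requests through the gate; return the audit decisions."""
    gate = Gate()
    scopes = {("read", "own_payslip"), ("update", "pay_rate")}
    payslip = Record("own_payslip", owner="alice", version=1)
    rate = Record("pay_rate", owner="alice", version=2)
    gate.authorize(scopes, "alice", "employee", "read", payslip, 1)
    gate.authorize(scopes, "alice", "employee", "update", rate, 2)
    gate.authorize(scopes, "bob", "payroll_admin", "read", payslip, 1)
    gate.authorize(scopes, "bob", "payroll_admin", "update", rate, 1)
    gate.authorize({("read", "own_payslip")}, "bob", "payroll_admin", "update", rate, 2)
    gate.authorize(scopes, "bob", "payroll_admin", "update", rate, 2)
    return [entry[3] for entry in gate.audit]
```

The effective permission is the intersection of what the agent was granted and what the authorizing human may do, so a broadly scoped agent cannot widen an employee's access, and a denied request still leaves an audit entry.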
Winners & Losers: The Permissions Moat Reshapes the Market
Winners:
- Workday: By embedding agent governance into its system of record, Workday increases platform stickiness and raises switching costs. Customers who adopt Sana will find it increasingly difficult to leave Workday, as their agent workflows are deeply intertwined with Workday's data and permissions model.
- Google Cloud: The partnership with Workday gives Gemini a foothold in the enterprise HR and finance vertical, a high-value, regulated space. Google gains credibility and a reference architecture for agentic AI that other enterprises can emulate.
- Workday customers: They gain a self-service agent that can handle complex HR and finance tasks with high accuracy, reducing manual effort and error rates. The agent operates within existing permissions, minimizing security risks.
- Okta: As a third-party identity provider that verifies its information by checking Workday, Okta becomes a key verification partner, potentially increasing its integration value and stickiness.
Losers:
- Traditional HR/Finance software vendors: Vendors like SAP SuccessFactors, Oracle HCM, and ADP face competitive pressure from Workday's AI-enhanced agent system. They must either develop similar governance layers or risk losing market share.
- Other AI model providers (e.g., OpenAI, Anthropic): Workday's commitment to Gemini as its base reasoning layer locks out other model providers from a major enterprise deployment. This could limit their access to high-value HR and finance use cases.
- Standalone AI agent startups: Startups that focus on building general-purpose AI agents without deep integration into enterprise systems of record will struggle to compete. Workday's approach shows that governance and permissions are critical for regulated environments, and startups lack the data and trust that incumbents have.
Second-Order Effects: The Rise of the Agent System of Record
The concept of an “agent system of record” is likely to become a standard in enterprise AI. Just as customer data platforms (CDPs) became the single source of truth for marketing, agent systems of record will become the single source of truth for AI agent permissions and actions. This shift will have several second-order effects:
- Consolidation around platform players: Enterprises will prefer to buy agent governance from their existing system-of-record vendors rather than stitching together solutions from multiple vendors. This favors incumbents like Workday, Salesforce, and SAP.
- Increased importance of identity providers: Identity and access management (IAM) vendors like Okta, Microsoft Entra ID, and Ping Identity will become critical partners for agent systems. Their ability to verify user identities and permissions will be a key integration point.
- Regulatory tailwinds: As regulators scrutinize AI decision-making, the ability to provide audit trails and demonstrate compliance will become a competitive advantage. Workday's approach of retaining the main audit within its system, while Gemini retains only interaction logs, positions it well for regulatory demands.
- Shift in AI model selection criteria: Enterprises will prioritize models that can be easily integrated with existing governance frameworks. Model performance will still matter, but it will be table stakes. The ability to work within a permissions model will be a differentiator.
Market / Industry Impact: The Permissions Layer Becomes the New Moat
The enterprise AI market is moving from a focus on model capabilities to a focus on integration and governance. Workday's Sana demonstrates that the most valuable AI agents are those that can act on behalf of users within the constraints of enterprise security and compliance. This shift will accelerate the consolidation of the AI agent market around platform vendors that own the system of record.
For investors, this means that the most promising AI opportunities are not in foundation models but in the middleware that connects models to enterprise data and permissions. Companies like Workday, Salesforce, and ServiceNow are well-positioned to capture value from the agent era. For enterprise buyers, the key decision is not which AI model to use, but which platform to trust with their agent governance.
Executive Action: What to Do Now
- Audit your current agent permissions: If you are deploying AI agents, ensure that your permissions model is as rich as your data model. Workday's warning about DIY AI losing the richness of the security model is a cautionary tale. Invest in a governance layer that can enforce role-based access and audit trails.
- Evaluate your system-of-record vendor's AI roadmap: If you use Workday, Salesforce, or SAP, assess their agent capabilities. The agent system of record will become a critical part of your tech stack. Consider whether your vendor can provide the governance and integration you need.
- Start small with high-value, low-risk use cases: Begin with self-service agents for tasks like password resets or leave requests, where errors are easily corrected. Gradually expand to more complex workflows as you gain confidence in the permissions model.
Why This Matters
The AI agent revolution is not being held back by model intelligence—it is being held back by trust. Workday's Sana shows that the path to enterprise AI adoption runs through governance, not through better reasoning. If you ignore the permissions bottleneck, your AI agents will either be too restricted to be useful or too permissive to be safe. The window to build a robust governance layer is now; those who wait will find themselves locked out by incumbents who already own the system of record.
Final Take
Workday's Sana is a strategic masterstroke that redefines the enterprise AI battleground. By making permissions the core of its agent architecture, Workday has turned its system of record into an unfair advantage. Competitors will scramble to replicate this approach, but they lack the depth of data and trust that Workday has built over decades. The message is clear: in the age of AI agents, governance is the new moat.
Intelligence FAQ
Because agents need to act on behalf of users within strict security and compliance boundaries. Without a robust permissions model, agents either cannot access the data they need or expose the enterprise to risk. Workday's Sana solves this by embedding governance into the system of record.
Sana is built on top of Workday's system of record, meaning it already understands the customer's organizational structure, role-based security, and business processes. It uses Google Gemini for reasoning but adds a context engine and verification models to ensure actions are permissible and accurate.
Workday's commitment to Gemini as its base reasoning layer locks out other model providers from a major enterprise deployment. This could limit their access to high-value HR and finance use cases, forcing them to seek partnerships with other system-of-record vendors.



