From VentureBeat

The AI agent bottleneck isn't model performance — it's permissions

Our take

The challenge facing enterprise AI agents isn't their performance, but rather the complexities of permissioning. As workflows encounter limits on what agents can access and manage, Workday addresses this by integrating its existing system of record as the governance layer for AI agents. Gerrit Kazmaier, Workday’s president for product and technology, emphasizes the importance of maintaining a robust security model to avoid pitfalls in DIY AI solutions.

The insights shared by Gerrit Kazmaier, president for product and technology at Workday, reveal a crucial aspect of the enterprise AI landscape that often goes overlooked: the bottleneck within AI agents is not about their performance but rather about permissioning. As organizations seek to leverage AI for enhanced productivity and efficiency, they frequently encounter the limitations imposed by complex governance and security frameworks. This challenge mirrors a broader trend we see in technology adoption, where effective implementation hinges more on compliance and organizational structure than on the technology itself. The implications are significant, especially when considering adjacent discussions in our publication, such as "Coders are refusing to work without AI — and that could come back to bite them" and "Baseline Enterprise RAG, From PDF to Highlighted Answer".

Enterprise AI agents are stalling — not because of model performance, but because of permissioning. Every agentic workflow eventually hits the same wall: what is this agent allowed to touch, on whose behalf, and how does the system know?

Workday's answer is to make its existing system of record the governance layer for agents. Gerrit Kazmaier, the company's president for product and technology, told VentureBeat in an interview that customers often struggle when they cobble together solutions for their agents. 

“Sana makes sure the integrity of the approvals and security model is always adhered to,” Kazmaier said. “Frankly, that’s where we see customers struggling when they try to build do-it-yourself AI by just accessing raw data, so the richness of the security model gets lost, and the results become overly broad.”

Workday, which launched Sana in March, expanded its partnership with Google to bring its Sana agent system of record to Gemini Enterprise, so agents built on Sana are also discoverable there.

Architecting accuracy

Kazmaier said the biggest hurdle they faced was ensuring agent accuracy, especially for HR and finance users. 

“Almost right is not acceptable,” Kazmaier said. “Think about paying people correctly, closing the books or managing work schedules reliably.”  

Accuracy is harder to evaluate here than in most AI contexts. Policy configurations, role-based security, and organizational hierarchies are deeply interrelated — a small error compounds. And unlike most generative AI outputs, HR and finance queries often lack a correction loop. By the time a paycheck processes incorrectly or an interview is scheduled wrong, the damage is done.

Workday addressed this by building Gemini in as its base reasoning layer, then adding its context engine and business process logic on top. Workday also added verification and classification models that “interrogate” outputs before execution. 

Accuracy and identity, it turns out, are the same question: does the system know enough about the agent, the authorizing human, and the current state of the record to act correctly?

Workday’s advantage is that it can infer its customers' organizational structures from the data they provide. Already, third-party identity providers like Okta verify their information by checking Workday, so its context is the system of record for many enterprises. Kazmaier said the Sana Self-Service Agent uses Gemini as the conversational surface to trigger the workflow. The user is then authenticated and authorized through Workday’s identity and security model. Sana agents will only act on behalf of that user and work within their current permissions. 

Audit trails follow the same logic: Gemini retains only interaction logs, while the main audit remains within Workday and its customer. 
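The delegation model described above, and the do-it-yourself raw-data pattern Kazmaier contrasts it with, as an added sketch that is not Workday's or Sana's code. The class, function and field names and the sample records are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class SystemOfRecord:
    """Hypothetical store where records, grants and the audit log live together."""
    records: dict
    grants: dict                      # user -> set of permitted actions
    audit: list = field(default_factory=list)

    def allowed(self, user, action, record_id):
        # Evaluated per call against the user's current grants, so a
        # revoked permission stops the agent on its very next request.
        rec = self.records.get(record_id)
        return (rec is not None
                and action in self.grants.get(user, set())
                and rec["manager"] == user)      # row-level scope

    def agent_read_salary(self, agent_id, on_behalf_of, record_id):
        ok = self.allowed(on_behalf_of, "read_salary", record_id)
        # Every attempt is logged with both the agent and the human it acts for.
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "agent": agent_id, "user": on_behalf_of,
                           "record": record_id, "allowed": ok})
        if not ok:
            raise PermissionError(f"{agent_id} denied for {on_behalf_of}")
        return self.records[record_id]["salary"]


def diy_raw_read(records, record_id):
    # DIY pattern: the agent reads raw data under its own credentials,
    # with no user context, so nothing scopes the result and nothing is audited.
    return records[record_id]["salary"]


def demo_store():
    # Constructed sample data, not taken from any real system.
    return SystemOfRecord(
        records={"emp-1": {"manager": "mgr-a", "salary": 90000},
                 "emp-2": {"manager": "mgr-b", "salary": 120000}},
        grants={"mgr-a": {"read_salary"}, "mgr-b": {"read_salary"}})
```
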

For many HR and finance practitioners, the permission and governance layer in the agent system of record is key in regulated spaces.

“It has to live in the system of record, that’s not a preference, that’s the only way it works,” said Dan Obendorfer, director of product at Würk, in an email to VentureBeat. “If your permissions are defined somewhere outside of where the data actually lives, you’ve already lost.”

Kadan Stadelmann, chief technology officer and co-founder of Compance.AI, made the same point separately. “Without agent ownership, performance, costs or actions, chaos ensues.”
