Enterprise-Grade Security for Your AI Agents

Workday unveiled a comprehensive suite of AI tools at its DevCon event this week, with a particular focus on enabling secure and compliant agentic systems. The flagship offering is Agent Passport, designed to validate the safety and ethical behavior of AI agents throughout their lifecycle.

How Agent Passport Works

When an agent attempts an action, Agent Passport evaluates it against predefined security policies. This can result in:

  • Allowing the action to proceed
  • Blocking the action entirely
  • Routing the request through additional checks

The system assesses agents for various risks, including:

  • Prompt injection attacks
  • Data leaks and privacy violations
  • Unsafe or biased outputs
  • Goal hijacking vulnerabilities

Each assessment generates a signed, auditable record that security teams can review. This transparency helps organizations track which agents have been tested, by whom, and against what standards.

Key Benefits for Enterprises

  • Standardized Security: Using public frameworks like MITRE ATLAS ensures consistent evaluation across different vendors and solutions
  • Continuous Monitoring: Agent Passport provides ongoing validation as agents operate in real-world environments
  • Clear Accountability: The auditable record identifies who tested the agent and what criteria were used
  • Faster Deployment: Pre-vetted agents can be deployed with confidence, knowing they meet security requirements

Workday has partnered with Cisco to provide initial testing services. Additional partners will be added over time as the program matures.

Beyond Agent Passport

The broader AI toolkit includes:

  • Developer Agent: A coding assistant that helps developers build custom agents for Workday and beyond
  • Agent-Ready Tools: Pre-built connectors providing secure access to enterprise data and systems
  • Open AgentSkills Standard (OASS): An open framework enabling interoperability between different AI platforms

With these tools, organizations can accelerate their adoption of generative AI while maintaining control over security and compliance.