The AI Agent Bottleneck: Why Permissions Trump Model Performance

Enterprise AI agents are hitting a roadblock, and it's not because of model performance. The real challenge lies in permissions: what is an agent allowed to access, on whose behalf, and how does the system know? This hurdle has prompted companies like Workday to integrate their existing system of record as the governance layer for agents.

Gerrit Kazmaier, Workday's president for product and technology, explained in an interview that customers often struggle when cobbling together solutions for their agents. "Sana makes sure the integrity of the approvals and security model is always adhered to," Kazmaier said. "Frankly, that's where we see customers struggling when they try to build do-it-yourself AI by just accessing raw data, so the richness of the security model gets lost, and the results become overly broad." Workday launched Sana in March and has since expanded its partnership with Google to bring Sana to the Gemini Enterprise.

Ensuring agent accuracy is a significant challenge, particularly for HR and finance users. "Almost right is not acceptable," Kazmaier emphasized. "Think about paying people correctly, closing the books or managing work schedules reliably." Accuracy is harder to evaluate in this context than in most AI scenarios, as policy configurations, role-based security, and organizational hierarchies are deeply interrelated.

A small error can have significant consequences, and unlike most generative AI outputs, HR and finance queries often lack a correction loop. Workday addressed this challenge by building Gemini as its base reasoning layer, then adding its context engine and business process logic on top. The company also added verification and classification models that "interrogate" outputs before execution.

According to Kazmaier, accuracy and identity are essentially the same question: does the system know enough about the agent, the authorizing human, and the current state of the record to act correctly? Workday's advantage lies in its ability to infer its customers' organizational structures from the data they provide. As third-party identity providers like Okta verify their information by checking Workday, its context becomes the system of record for many enterprises.

Dan Obendorfer, director of product at Würk, emphasized the importance of the permission and governance layer in the agent system of record, particularly in regulated spaces. "It has to live in the system of record, that's not a preference, that's the only way it works," he said. Kadan Stadelmann, chief technology officer and co-founder of Compance.AI, echoed this sentiment, stating that "without agent ownership, performance, costs or actions, chaos ensues." As companies continue to develop and deploy AI agents, it's clear that permissions and governance will play a critical role in their success.