Share with your CISO
Workday is betting that the fastest-growing AI governance gap in the enterprise is not model quality but agent accountability, and it’s launching Agent Passport to close it. The product tests every AI agent, whether Workday-built or third-party, against OWASP LLM Top 10, NIST AI RMF, and MITRE ATLAS before production, then monitors continuously at runtime. Cisco is the launch partner, using Cisco AI Defense to perform independent attestations. Early access opens in the second half of 2026, with general availability projected before year-end.
What this means for your business
The exposure question for CISOs right now is not whether AI agents will reach payroll and benefits workflows, it’s whether those agents arrive with any verifiable security record. Most enterprises deploying third-party agents today accept a “safe” label issued by the vendor that built the thing, which is roughly equivalent to a restaurant grading its own kitchen. Agent Passport’s three-layer attestation model, broad trust categories, specific testable claims, and signed results from an independent tester, is the right structural answer to that problem. Whether it actually changes behavior depends on how many third-party vendors participate beyond Cisco.
The architectural move worth watching is revocation. Real-time monitoring that can block or restrict an agent mid-task, and revoke an agent’s permissions enterprise-wide on a single command, addresses a failure mode that most current agent deployments have no answer to. An agent that passes pre-deployment testing can still be exploited after the fact through prompt injection, where a malicious input tricks the agent into ignoring its original instructions, or goal hijacking, where it’s redirected toward an attacker’s objective. Continuous monitoring with a kill switch is not a feature; it’s the precondition for running agents on sensitive financial and HR data without a standing incident-response nightmare.
The Cisco partnership is the credibility anchor today, but the product’s long-term value is proportional to the breadth of its attestor network. If Agent Passport stays a Workday-plus-Cisco offering, it functions as a controlled ecosystem play by a vendor that, having built extensive trust in HR and finance, has a structural incentive to extend that trust into the agent security layer. If the attestor network opens to five or ten independent security firms, the shared standard becomes genuinely portable. The renewal or procurement decision this reshapes is any security tooling contract you have for agent oversight: the question to weigh is whether that vendor can produce a signed, standards-referenced attestation, or only its own audit report.
Concept deep-dive: Prompt injection
Prompt injection is an attack where malicious text, hidden in a document, email, or data feed an agent reads, overrides the agent’s original instructions and redirects its behavior. Think of it as a forged order slipped into an agent’s inbox that looks legitimate. For agents touching payroll or employee records, a successful injection can exfiltrate data or trigger transactions before any human sees the output. It is the OWASP LLM Top 10’s top-ranked risk precisely because it requires no system access, only the ability to feed the agent text.
Based on reporting from Workday Launches Agent Passport to Test, Verify, and Continuously Monitor Every AI Agent in the Enterprise, originally published 2026-06-02 14:07:00.
