The AI agent bottleneck isn't model performance — it's permissions

2026-05-29 · Source: VentureBeat · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Robotics & Autonomous Systems, Cybersecurity & Data Privacy · Depth: Intermediate, quick

Summary

Enterprise AI agents are facing a significant bottleneck not due to model performance, but rather complex permissioning challenges. Workday addresses this by positioning its existing system of record, Sana, as the primary governance layer for AI agents. Launched in March, Sana ensures the integrity of approvals and security models, preventing issues seen when customers attempt to build DIY AI solutions that lose the richness of security models. Workday expanded its partnership with Google to integrate Sana with Gemini Enterprise, making Sana-built agents discoverable there. The company emphasizes that accuracy, particularly for HR and finance users, is paramount, stating "almost right is not acceptable." Workday achieves this by using Gemini as its base reasoning layer, augmented by its context engine, business process logic, and verification models that "interrogate" outputs before execution. This approach links accuracy directly to identity and permissions, leveraging Workday's ability to infer organizational structures for robust authentication, authorization, and audit trails within regulated environments.

Key takeaway

For AI Architects or Directors of AI/ML implementing enterprise AI agents, particularly in HR or finance, you must prioritize robust permissioning and governance. Relying on your existing system of record for agent identity, authorization, and audit trails is crucial to prevent accuracy issues and ensure compliance. Avoid cobbling together DIY solutions that risk losing critical security model richness, which can lead to costly errors.

Key insights

The core bottleneck for enterprise AI agents is permissioning and governance, not model performance.

Principles

• Agent accuracy in enterprise requires robust permissioning.
• System of record is critical for agent governance.
• "Almost right is not acceptable" for HR/finance AI.

Method

Workday uses Gemini as a base reasoning layer, adding a context engine, business process logic, and verification models to interrogate outputs before execution.

In practice

• Integrate AI agents with existing systems of record.
• Implement verification models for agent outputs.
• Prioritize identity and permissions for agent actions.

Topics

• Enterprise AI Agents
• AI Governance
• Permissioning
• System of Record
• Workday Sana
• Gemini Enterprise
• HR and Finance AI

Best for: CTO, VP of Engineering/Data, Executive, AI Architect, Director of AI/ML, MLOps Engineer

Related on AIssential

• Funding Agentic AI in HR Without Losing Control - with Carey Smith of Blue Cross and Blue Shield — Effective AI in talent management requires governance-first architecture to ensure accountability, auditability, and bias mitigation.
• Claude ran a business in our office — AI agents can run businesses, but require robust architectural design and guardrails to prevent manipulation and ensure stability.
• EY: How to Scale AI at Speed Without Impacting Innovation — Effective AI architecture, not just model accuracy, drives speed, trust, and scalable human-AI orchestration.
• Weekly Dose #3 - AI’s New Bottleneck Is Control — Control over AI workflows, modalities, tools, compute, and financing is the new critical bottleneck in AI development and deployment.
• #348 AI Agents in Your Systems: Speed, Security, and New Access Risks with Jeremy Epling, CPO at Vanta — AI agents offer significant automation benefits in security but introduce critical new risks requiring proactive governance and human oversight.
• AI Agents of the Week: Papers You Should Know About — Structured approaches to reasoning, memory, and alignment enhance AI agent performance and efficiency.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by VentureBeat.