Workday Agent Passport: The AI Security Framework HR Leaders Need Before Any AI Touches Employee Data
Every AI agent your company deploys has access to some of the most sensitive data in the enterprise: employee salaries, benefits elections, performance reviews, personal identification. One misconfigured agent — whether built in-house or sourced from a third-party vendor — could expose that data to the wrong audience, violate compliance frameworks, or produce outputs that create legal liability.
Until now, HR leaders had no standardized way to verify that an AI agent was safe before it touched employee records. That changed on June 2, 2026, when Workday unveiled Agent Passport at its annual DevCon conference in Las Vegas.
"One insecure agent can leak employee data, break compliance, and put the company on the front page for the wrong reasons," said Dean Arnold, VP of AI Platform at Workday. Agent Passport is Workday's answer to that risk — a three-layer governance framework designed to test, monitor, and revoke AI agents across the enterprise.
What Agent Passport Actually Does
Agent Passport operates at three levels that HR leaders should understand:
Pre-deployment testing. Before any AI agent — whether built by Workday or a third party — goes live, Agent Passport subjects it to a battery of security tests. These cover five critical risk categories: prompt injection attacks, jailbreak and goal hijacking attempts, system prompt extraction, employee data leaks, and unsafe outputs (Workday Newsroom).
Continuous runtime monitoring. Testing at deployment is not enough. Agent Passport monitors agent behavior in production, allowing security teams to detect drift or newly discovered vulnerabilities after an agent is live (CIO.com).
Single-point revocation. If an agent misbehaves, administrators can stop or restrict it enterprise-wide from a single control point — no need to chase down individual integrations or endpoints.
Critically, the attestations are not self-reported. Test results are signed by independent third-party testers and tied to recognized public standards: the OWASP LLM Top 10, NIST AI Risk Management Framework, and MITRE ATLAS (SiliconANGLE). This means HR and security teams receive auditable records showing exactly what was tested, by whom, and against which benchmarks.
Cisco as the First Independent Validator
Workday chose Cisco as its inaugural validation partner. Cisco AI Defense will independently test agents against security standards for prompt injection, data leakage, jailbreaks, and unsafe actions before signing off on attestations (Workday Newsroom).
For now, Cisco is the sole testing partner. Workday CTO Gabe Monroy told CIO.com: "It's difficult to really get ramped up in a standard with a lot of partners in the mix, so we want to get this right with just ourselves and Cisco. We'll be rolling it out more broadly soon" (CIO.com).
Two More Tools Complete the Stack
While Agent Passport is the governance headline, Workday announced two companion products that round out its agentic AI platform:
Developer Agent lets developers build Workday-compatible AI agents using plain language from within coding tools they already use — including Claude Code, Cursor, Cline, and Codex. The tool draws from a library of 50+ reusable agent skills and collapses the gap between business teams requesting functionality and developers building it (SiliconANGLE). Jules Mayberry, a developer at Waste Connections, said Developer Agent gives developers "a real starting point to build agents."
Agent-Ready Tools are enterprise data connectors built on the Model Context Protocol (MCP). They give AI agents governed access to HR and finance data while automatically inheriting Workday's security model, delegation rules, business controls, and audit trails (PR Newswire). Workday says there are hundreds of pre-built tools available, with thousands more custom actions accessible through its Pipedream connector library.
Availability
Agent Passport enters early access in the second half of 2026, with general availability expected before year-end. Developer Agent and Agent-Ready Tools are available in early access now through Workday Extend Professional, with GA also planned for H2 2026.
The Unresolved Question: Who Is Liable?
Agent Passport addresses the verification gap, but it does not resolve a harder question: if an agent that passed all tests later malfunctions and causes harm, who bears responsibility — Workday, the testing partner, or the enterprise that deployed it?
Monroy acknowledged this remains an open issue. "That's something we're still wrestling with with our partners," he told CIO.com (CIO.com).
For HR leaders evaluating Agent Passport, this is worth tracking. Verification reduces risk significantly, but it does not eliminate it. Contracts, insurance, and internal governance policies will still need to account for the residual liability that no testing framework can fully remove.
What This Means for HR Leaders
Agent Passport represents the first enterprise-grade attempt to create a verifiable trust layer for AI agents handling employee data. If you are evaluating AI agents for recruiting, onboarding, benefits administration, or workforce planning, the key takeaway is this: demand attestations. Ask vendors what standards their agents have been tested against, who performed the testing, and whether monitoring continues post-deployment.
Workday has set a benchmark. Whether your organization runs Workday or not, the governance framework it introduced — independent testing, continuous monitoring, single-point revocation — should become the baseline expectation for any AI agent touching HR data.
Source Attributions
- Workday Newsroom — "Workday Launches Agent Passport to Test, Verify, and Continuously Monitor Every AI Agent in the Enterprise" (June 2, 2026)
- PR Newswire — "Workday Launches New Tools for Developers to Build, Connect, and Verify AI Agents for HR, Finance, and IT" (June 2, 2026)
- CIO.com — "Workday Launches Agent Passport to Test and Monitor AI Agents in the Enterprise" (June 2, 2026)
- SiliconANGLE — "Workday Introduces New Capabilities for Building and Verifying AI Agents" (June 2, 2026)
- HRTech Edge — "Workday Expands AI Agent Development Platform with New Governance and Security Controls" (June 3, 2026)
When will Agent Passport be available?
Agent Passport enters early access in the second half of 2026, with general availability planned before the end of 2026. Developer Agent and Agent-Ready Tools are available in early access now through Workday Extend Professional.
What exactly does Agent Passport test AI agents for?
Agent Passport tests every AI agent — including third-party agents — against five risk categories: prompt injection attacks, jailbreak and goal hijacking, system prompt extraction, employee data leaks, and unsafe outputs. Tests are aligned to OWASP LLM Top 10, NIST AI RMF, and MITRE ATLAS standards, and attestations are signed by independent third-party testers.
Does Agent Passport work with third-party AI agents, or only Workday-built ones?
Agent Passport is designed to test and verify both Workday-built and third-party AI agents. Any agent operating within the Workday ecosystem must pass the same security validation before deployment, and all agents are subject to continuous runtime monitoring afterward.