Workday Urges Guardrails Inside Inference Engine

At Workday DevCon in Las Vegas (June 2, 2026), Workday launched three developer capabilities in Workday Build. First, Agent-Ready Tools: a new class of MCP-based connectors built for autonomous agents rather than traditional data integrations. These are flat and self-describing (reducing hallucination), scoped to the end user's identity, and include guardrails that enforce Workday's business-process rules at the point of tool call - not in the model's context window. Second, Developer Agent: lets developers build custom AI apps in plain language from within agentic tooling including Claude Code, Cline, Codex, Cursor, and Google Antigravity. Third, Agent Passport: verifies and continuously monitors AI agents against open standards including OWASP LLM Top 10, NIST AI RMF, and MITRE ATLAS, with Cisco as the first third-party attestation partner.

Monroy argues that enterprise AI guardrails belong inside the inference engine - meaning inside the connectors and tool layer that agents call through - not layered onto the agent via prompting. The core claim is that stuffing a policy handbook into an LLM's context window fails for payroll and ledger operations. Agent-Ready Tools operationalize this: Workday owns the business logic, approvals, and audit trail, while the agent decides when to call a tool. A malformed or unauthorized action is blocked at the tool layer before it executes. The CTO quote (Workday newsroom): "Platforms win when they make the hard thing disappear for the developer."

Workday offers three integration options. Path 1: host your own agent and call Workday via Agent-Ready Tools over MCP - maximum developer control, guardrails enforced at the connector. Path 2: run Workday-delivered agents surfaced in Copilot, Gemini, or another front door, with multi-step reasoning staying inside Workday's rule set. Path 3: use Sana from Workday, a full AI workspace for complex multi-step decisions. Workday states it will not block third-party agents from calling Workday APIs, and will support MCP and A2A protocols openly.

For teams building HR or finance agents, the practical choice is concrete: bind to Workday Agent-Ready Tools over MCP and inherit Workday's guardrails and audit trail without rebuilding them; or use raw Workday APIs for maximum flexibility at the cost of building your own compliance layer. Agent Passport adds continuous monitoring against public vulnerability frameworks - relevant for teams subject to audit or regulatory review. Agent-Ready Tools and Developer Agent are in early availability; general availability is projected for second half of 2026.

Independent evaluations of whether MCP-based connector-level guardrails meaningfully prevent jailbreak-style agent misbehavior in practice - versus adding latency and vendor lock-in without commensurate safety gains - will be the key signal for teams deciding whether to adopt this pattern. Agent Passport early access also targets second half of 2026.