Skip to main content
Perspectives
    Subscribe
    Artificial Intelligence

    Lawful AI in the Wild West of Enterprise Tech

    AI agents unlock speed and scale, but without governance, they also introduce risk. Here’s how enterprises bring structure to probabilistic systems.
    Headshot of Emma Coppin

    Emma Coppin

    Multimedia Content Lead, Thought Leadership and Customer Stories

    Workday

    In this article we discuss:
    In this article we discuss:

    Audio also available on Apple Podcasts and Spotify.

    The film Westworld (along with the more recent HBO adaptation) explored artificial intelligence through the setting of an American Western-themed amusement park populated by android hosts.

    Spoiler alert: the androids go rogue, and things unravel in a hurry.

    The choice of a Wild West setting was probably not incidental. When Michael Crichton wrote the original screenplay in 1973, computing was still in its infancy. Yet his core idea has aged remarkably well: complex systems fail in ways their creators can’t predict or control.

    It’s a premise that hits home with leaders who are navigating the modern-day Wild West of enterprise tech. Today’s AI agents—autonomous, adaptive, and increasingly embedded in daily workflows—are astoundingly capable. But they are also, in a meaningful sense, lawless. 

    Overcoming this challenge was one subject unpacked by Workday CTO Gabe Monroy and Head of Developer Relations Nick Moore in a recent episode of our Future of Work podcast. 

    The Rise of “Lawless” Agents

    AI agents operate on probabilistic models. They don’t follow deterministic rules so much as generate likely outcomes based on patterns in data. This is what makes them powerful, but also what makes them unpredictable.

    “What I like to refer to is the concept of lawless agents,” says Monroy. “They’re omniscient. They can see all the things, they can touch and do all the things through lots of tools, but they're fundamentally lawless.”

    In critical domains like finance, HR, and compliance, this lack of predictability can feel about as scary as the sci-fi, dystopian scenarios that take shape in the fictional universe of Westworld. And here, the costs are far from abstract.

    A hallucinated answer in a casual setting is a curiosity. In an enterprise context, it can mean incorrect financial reporting, misrouted payments, or flawed workforce decisions.

    To gain legitimate trust and confidence in agentic AI, we need more control. Easier said than done.

    “What I like to refer to is the concept of lawless agents. They’re omniscient. They can see all the things, they can touch and do all the things through lots of tools, but they're fundamentally lawless.”

    - Gabe Monroy, Workday CTO

     

    Workday "Global Workforce Report" cover, featuring a photo of a smiling person in a green sweater.

    Report

    Workday Global Workforce Report: Restoring Trust Before Your Top People Leave

    Read Now

    From Frontier Experimentation to Enterprise Reality

    In many ways, today’s AI landscape resembles the early internet era, where innovation moved quickly, standards lagged behind, and security and governance were largely afterthoughts.

    Early web applications were fast and flexible, but often fragile and exposed. Over time, layers of infrastructure—protocols, security frameworks, identity systems—brought order to that chaos.

    AI agents are now at a similar inflection point.

    Left unchecked, they behave like frontier technologies: adaptable, creative, and occasionally reckless. For enterprises, we know that’s not a sustainable model. So how do you ensure agents are operating “lawfully”—within defined, reliable boundaries—while at the same time not limiting their capabilities? 

    It’s a tough needle to thread, and as Monroy notes with a bit of levity, current standards don’t always instill the greatest confidence.

    “You try and make them lawful by providing prompts and guardrails in the system prompt or the context window,” he says, “but you're fundamentally crossing your fingers and going, gosh, I hope this agent respects what I asked it to do. And within the rules.”

    The solution comes down to intentional, nuanced structure.

    What It Means to Make AI “Lawful”

    When approached with too much rigidity or constraint, AI guardrails can risk diminishing the core value of the technology, limiting the space for innovative usage. Lawful AI is essentially just responsible AI: governed, observable, accountable.

    To make this real, focus on shifting from best-effort prompting to enforceable systems of control.

    Today, many organizations rely heavily on prompts and contextual instructions to guide agent behavior. These are useful, but can be inherently fallible. They depend on the model interpreting intent correctly every time, and that’s a probabilistic gamble.

    True enterprise readiness requires a deeper layer of structure:

    • Guardrails vs. governance: Guardrails guide behavior; governance enforces it. Enterprises need both. Guardrails can shape outputs, but governance ensures compliance with policies, regulations, and business rules.
    • Prompting vs. policy enforcement: Prompts suggest what an agent should do. Policy enforcement ensures what it can do aligns with defined permissions, data boundaries, and workflows.
    • Observability vs. accountability: Seeing what an agent did is only the first step. Enterprises must also be able to trace decisions, audit outcomes, and assign responsibility when things go wrong.

    This is where the conversation around “lawful agents” becomes practical rather than philosophical.

    Running Probabilistic Systems on Deterministic Rails

    Lawfulness in the Wild West is an oxymoronic concept. How do you harness probabilistic intelligence within deterministic systems?

    One answer lies in embedding AI agents directly within enterprise platforms that already manage structured data and governed workflows.

    When agents operate in isolation—pulling from unstructured inputs, acting without constraints—they amplify uncertainty. But when they are anchored to systems of record, their actions can be bound by real-world rules.

    Enterprise platforms have long enforced constraints around sensitive domains like financial transactions and workforce data. Extending those constraints to AI agents creates a hybrid model:

    • The flexibility of AI to interpret, generate, and adapt
    • The reliability of enterprise systems to validate, constrain, and execute

    Monroy was excited to give a sneak peek to Workday’s efforts and ambitions in this area. 

    “Workday has a really unique opportunity to provide enterprise guardrails that are going to allow the probabilistic, magical machines that are these agents to actually run on rails, and be able to provide deterministic guarantees.”

    During the DevTalk chat, Monroy hinted at some of the deep tech being developed within engineering at Workday to “marry these worlds of probabilistic AI with the realities of being in the business of people and money.” 

    It’s the new frontier, being explored before our eyes.

    “Workday has a really unique opportunity to provide enterprise guard rails that are going to allow the probabilistic, magical machines that are these agents to actually run on rails, and be able to provide deterministic guarantees where possible.”

    - Gabe Monroy, Workday CTO

    What’s Next for Enterprise Agentic AI

    We are still early in the lifecycle of AI agents. The experimentation phase has been necessary to unlock their potential, but enterprise adoption demands a transition to something more structured and dependable.

    As Dr. Robert Ford put it in the HBO adaption of Westworld, “Everything in this world is magic, except to the magician.”

    AI does sometimes feel magical in what it can do. But in enterprise AI, we are still the ones behind the curtain—building the systems, setting the boundaries, and deciding how far they’re allowed to roam. 

    Workday "Global Workforce Report" cover, featuring a photo of a smiling person in a green sweater.

    Report

    Workday Global Workforce Report: Restoring Trust Before Your Top People Leave

    Read Now
    About the Author
    Headshot of Emma Coppin
    Emma Coppin Multimedia Content Lead, Thought Leadership and Customer Stories Workday

    Emma Coppin is the multimedia content lead for thought leadership and customer stories at Workday. She is focused on getting to the heart of and telling the stories and perspectives that matter.

    With more than two decades of experience, Emma has honed her craft in creating compelling narratives across diverse mediums, including journalism, communications, PR, and technology marketing. She is passionate about capturing and delivering engaging, educational, and relevant content, maximizing impact for featured individuals and their audiences.

    Emma holds a bachelor’s degree in English language from Manchester Metropolitan University and a post-graduate qualification in newspaper journalism.

    More perspectives from Emma
    ''
    Closing the AI Trust Gap

    AI has been a gamechanger across nearly every industry and marketplace. But realizing the true value of AI requires buy-in between different stakeholders. In this AI Masterclass, learn how you can make the most of AI for finance, HR, and more.

    Start Class
    RELATED PERSPECTIVES

    Up next

    Perspectives for your inbox.

    Expert insights on AI, HR, and finance you won’t find anywhere else delivered weekly.

    Please accept cookies to continue.

    This content is blocked due to your cookie preferences for this site. By clicking here, you accept YouTube's Terms of Service and Privacy Policy. Workday will save your choice in a session cookie.