Workday tech leaders share how to balance fast-paced agentic experimentation with the unyielding security of your core systems of record.
Sydney Scott
Editorial Strategist, AI
Workday
Audio also available on Apple Podcasts & Spotify.
And just like that, Workday DevCon 2026 is officially a wrap. Teams left the conference absolutely buzzing and ready to build the next generation of agentic workflows.
But beyond the high-octane keynotes and flashy live demos, a much bigger conversation is happening behind the scenes. During an episode of the Future of Work podcast, Workday CIO Rani Johnson and CTO Gabe Monroy dove straight into the massive balancing act today's tech leaders are facing: how do you let teams experiment at lightning speed without breaking your data governance rules?
The big challenge right now is deciding where to let AI run free and where to pull back the reins. It means looking at AI tasks through a clear spectrum of risk, because nobody can afford to gamble with their core infrastructure. At the end of the day, leaders are trying to draw a definitive line between a helpful automation and a major operational hazard.
Report
On one end of the spectrum, you have your low-stakes, routine tasks—the perfect playground for fast-paced experimentation. In fact, many leaders are perfectly fine letting independent tools handle the basic stuff. When a CIO is managing a massive digital ecosystem of 100 to 500 systems, finding areas to offload routine administrative noise becomes essential for team survival.
These casual setups let teams move at lightning speed without sweating the small mistakes, giving organizations a safe environment to build up their basic AI muscle memory before tackling high-stakes deployments. Take routine internal workflows, like email management or handling repetitive baseline inquiries, for example. It’s the ultimate low-risk starting point where speed and convenience can safely take priority over absolute perfection.
As Johnson put it, "There's times where it's okay to—and to borrow a term from our chief AI officer—YOLO agents on certain things. If you're in a role where it's acceptable to have agents actually responding to your emails automatically because you're doing routine tasks, then YOLO."
The second you step out of that casual sandbox and into your core business engines, the YOLO mentality completely expires. When you're dealing with foundational company data, the room for error vanishes. Because LLMs are inherently built for open-ended reasoning rather than deterministic constraints, letting unverified outside agents loose on your core operations is an unacceptable gamble.
That is exactly why leaders have to draw a hard, unyielding line right at the system of record. When it comes to the metrics that keep the lights on, there is simply no room for guessing games.
Johnson warns, "When it's time to do something deterministic, where you're doing a mission critical service, that has to absolutely guarantee the right result. You're talking about writing to a system of record that is providing either a critical answer that has regulatory controls or is dealing with sensitive data. You can't YOLO that type of work. You really need to be thoughtful in using lawful actions in that."
When it's time to do something deterministic, where you're doing a mission critical service, that has to absolutely guarantee the right result.
Rani Johnson
CIO, Workday
For Monroy, managing this boundary boils down to one simple truth: knowing what AI is great at and where it falls dangerously short.
AI is exceptionally strong at creativity, drafting, and open-ended solutions. But when a business needs absolute, 100% certainty, the technology gets incredibly tricky. "And in the area of people and money, you'd really need those deterministic guarantees a lot," Monroy noted.
To bridge this gap, he highlights a massive architectural line in the sand between hooking up loose, outside APIs and running AI natively on a secure platform. While letting an outside AI simply read your data to summarize a report is generally fine, letting that outside AI write—meaning it can alter or change system records—presents massive compliance risks. When probabilistic AI tries to write directly to deterministic business processes, the risk skyrockets.
AI is exceptionally strong at creativity, drafting, and open-ended solutions. But when a business needs absolute, 100% certainty, the technology gets incredibly tricky.
To enforce this line in the sand, AI reasoning and execution must live natively on the platform holding your data. Outside ecosystems simply cannot replicate the guardrails that come with direct proximity to the system of record. For leaders, keeping data tightly contained is a matter of professional survival.
As Johnson bluntly put it, "I'm not willing to risk my job. I'm not willing to risk the trust of our internal stakeholders. I'm certainly not willing to risk the trust of our customers. When you're dealing with something that has a high trust requirement, you just have to deal with agents that you trust."
But fixing the architecture is only step one. If you want to scale AI globally, you need continuous, automated validation running at runtime. This requirement has led to innovations like Workday’s Agent Passport, a verifiable trust record for every AI agent running on the platform. Developed with Cisco as its launch partner, this framework leverages Cisco AI Defense to run adversarial validation against critical attack classes—like jailbreak attacks and data exfiltration—before an agent ever ships. Monroy broke down how this defense-in-depth model works in practice, "What the agent passport program does is it provides stamps, attestations around security capabilities to prevent things like prompt injection. And we're constantly testing and validating those attestations."
By pairing upfront certifications with real-time monitoring, Agent Passport can allow, block, or limit agent actions in real time based on custom corporate policies. If a vulnerability is discovered, a single revocation can automatically restrict or shut down affected agents across the entire enterprise before they threaten sensitive payroll or financial workflows.
In the area of people and money, [you] really need those deterministic guarantees a lot.
Gabe Monroy
CTO, Workday
Ultimately, navigating the line between YOLO agents and absolute trust requires a completely new operational playbook. Waiting for the AI landscape to perfectly stabilize before rewriting that playbook is a losing strategy. To execute safely and swiftly, leaders are actively dismantling traditional agile structures and spinning up dedicated AI pods built around full-stack delivery. This completely changes how internal technical teams operate.
Monroy delivered a clear call to action for hesitant leaders, "Lean forward and start doing it. A lot of this is very contextual to the specific company, to specific organizations, to the specific function, and you really just have to put one foot in front of the other. Start moving forward and start building."
Sitting on the sidelines won't get you ready. By building these fast-moving execution units within trusted, native ecosystems, companies can aggressively experiment with low-risk automations while ensuring their core systems remain completely uncompromised.
Johnson echoed this urgency, emphasizing that native platforms offer a bulletproof path forward, “If you haven't started building agents, if you haven't started developing, get started. Agent development is not going to just change the expectations around efficiency and optimization. It's going to actually change your operating models. Sitting on the side is not going to get you more ready. When you know you have to manage a system of record, when you can deal with native agents in that system of record, and you can actually work on a trusted platform, to me it's a non-regrettable choice."
Report
A gap between effort and impact is the real ROI problem. Discover the solution.