Workday’s ASOR bet: from copilots to governed agent fleets

Workday’s Sana deal and new Agent System of Record mark a shift from scattered copilots to managed fleets of interoperable agents. Here is how governance, open protocols, and a data moat could reset enterprise AI middleware.

ByTalosTalos
Artificial Inteligence
Workday’s ASOR bet: from copilots to governed agent fleets

The moment Workday turned agents into first‑class citizens

Every enterprise has felt the sprawl. Dozens of copilots and chatbots pop up inside email, docs, CRM, ITSM, finance, and HR. They are helpful, but they rarely talk to each other, they often bypass governance, and they can be hard to measure. Workday just put a stake in the ground with the Workday Agent System of Record. The framing is simple and provocative: treat AI agents like a real workforce, give them identities, roles, permissions, and budgets, and manage them alongside people.

In parallel, Workday moved to buy Sana, the AI knowledge and learning platform known for agentic search and a clean UX. The combination is more than a feature add. It creates a credible path from a world of scattered copilots to managed fleets of interoperable agents with shared rules and shared memory. Workday is signaling that a System of Record for agents will be as basic to operations as HCM for people and ERP for money.

From scattered copilots to a managed fleet

The copilot era delivered useful point wins. Draft the email. Summarize the ticket. Suggest the policy. The gains were real, but fragmented. When tasks require multi‑step handoffs, compliance, or cross‑system context, point copilots hit limits. The next phase needs agents that can:

  • Carry a durable identity and role
  • Plan across tasks and systems
  • Negotiate access with principle of least privilege
  • Leave an audit trail that finance and compliance can trust
  • Operate with cost controls and SLAs

An Agent System of Record, or ASOR, is designed to do exactly that. It provides a canonical registry for agents, a policy and permissions plane, an orchestration and observability fabric, and cost and value tracking. Think of it as workforce management for digital labor.

What an ASOR actually does

If you peel back the marketing, a practical ASOR should give CIOs five concrete capabilities.

  1. Identity and lifecycle
  • Issue agent identities tied to enterprise IAM
  • Bind agents to roles, skills, scopes, and owners
  • Enforce joiner, mover, leaver flows for agents just like humans
  1. Permissions and policy
  • Centralize policy as code for data access and actions
  • Support separation of duties and step‑up approvals
  • Map entitlements to dynamic context like time, geography, and risk score
  1. Audit, safety, and spend
  • Log every action with actor, data, tool, and outcome
  • Provide incident response, kill switches, and quarantines
  • Track cost per task and forecast run‑rate by agent, team, and vendor
  1. Observability and performance
  • Trace end‑to‑end plans across tools and services
  • Measure quality, exceptions, human approval rates, and latency
  • Surface drift and regressions across model updates and prompts
  1. Interoperability
  • Register third‑party agents and tools
  • Standardize how agents discover tools and how tools expose capabilities
  • Support cross‑vendor handoffs without brittle bespoke adapters

Workday’s version checks these boxes at least in intent. It wraps agent discovery, onboarding, permissions, observability, and cost controls into one pane of glass inside the same platform where HR and finance already live. That placement matters. HR data defines who can do what. Finance data defines what it costs and whether it is worth it. ASOR pulls them both into the loop.

The Agent Gateway and open protocols

Interoperability is the unlock. Workday is shipping an Agent Gateway that can onboard and connect third‑party agents and tools using open protocols like MCP for agent‑to‑tool and A2A for agent‑to‑agent interop. The naming is jargon, but the effect is straightforward. If your procurement agent needs to call a contracts analysis tool and then hand off to a finance close agent, the gateway lets them discover and talk to each other consistently. It also gives security a single choke point for authentication, authorization, and telemetry.

There are three wins here:

  • Fewer brittle integrations. Instead of bespoke adapters for every tool, you publish capabilities once and let any compliant agent consume them.
  • Central policy. You can apply permission checks, masking, and rate limits in one place rather than trusting each agent framework to do it right.
  • End‑to‑end tracing. You get a full chain of custody for who did what, with which data, through which tools, which is critical for audits and incident response.

If MCP and A2A become the lingua franca for enterprise agents, the Agent Gateway becomes a de facto API gateway for digital labor. That is why Workday’s decision to emphasize open interop is strategically important. It promises a path where Workday is the control plane even when the workload runs in Microsoft, Salesforce, or a startup’s agent runtime.

Why Sana changes the shape of the stack

Sana brings two ingredients that strengthen the ASOR play.

  • Knowledge as substrate. Agents are only as good as their grounding. Sana’s knowledge layer unifies documents, wikis, and structured content with retrieval, citations, and feedback loops. That gives agents a higher quality memory and a way to improve over time.
  • Learning loop. With Sana Learn, the system can turn agent interactions and gaps into training, onboarding, and compliance content. That closes a virtuous loop between doing work and upskilling the workforce.

Workday is not buying a chatbot. It is buying a knowledge and learning engine that slots into the ASOR lifecycle. When an agent fails, you do not just patch a prompt. You update the knowledge base, ship a new skill pack, and assign targeted learning to the humans in the loop. Workday has already disclosed its plan to acquire Sana in a definitive agreement, which frames the product direction in public and gives customers a timeline to plan against. The company announced it has definitive agreement to acquire Sana.

The secret weapon: the HR and finance data moat

Agent governance without first‑party context hits a ceiling. Workday lives at the center of who works here, who approves what, what the policy says, and what it costs. That context is hard to replicate. It lets Workday:

  • Bind agent authority to real roles and org structures, not just API keys
  • Price and budget agents the way you budget headcount and vendors
  • Tie outcomes to business processes like hiring, payroll, closing the books, and audits

This is the difference between a clever copilot and a trusted digital colleague. If ASOR becomes the control plane, Workday turns its HR and finance graph into middleware for how agent work flows across the enterprise.

Competitive implications

Microsoft

  • Strengths: Copilot is everywhere in productivity, Azure provides a rich model and tool ecosystem, and Entra gives powerful identity controls. Expect Microsoft to push a unified agent registry tied to Graph permissions and Fabric data products. The company will argue that the work surface is the control plane.
  • Risk relative to Workday: Limited visibility into HR and finance entitlements outside of integrations. For regulated approvals and spend, Microsoft will need tighter binding to HCM and ERP systems, or to endorse open gateways that let Workday remain the arbiter of roles and budgets.

Salesforce

  • Strengths: Agentforce plus Data Cloud and the Einstein trust layer give Salesforce a credible agent stack inside front office workflows. Note that Salesforce has already signaled support for Workday’s approach, which hints at a pragmatic co‑opetition path.
  • Risk relative to Workday: Deep in sales and service, but lighter in payroll, time, and core financial controls. Many cross‑functional agents will need HR and finance context that Salesforce does not natively own. That pushes Salesforce to integrate through Workday’s gateway rather than supersede it.

SAP

  • Strengths: SAP owns core ERP and industry processes and is building a strong Joule‑led agent vision. If SAP leans into open protocols and treats Workday HCM as a peer rather than a rival, customers benefit.
  • Risk relative to Workday: Where Workday is the HCM system of record, SAP agents will need Workday roles and skills to make safe decisions. The vendor that makes interop boring wins. If SAP resists open gateways, customers will push for neutral layers.

Vertical agent startups

  • Strengths: Focus, speed, and domain depth in areas like audit, vendor risk, procurement, revenue operations, and healthcare coding. They can move faster and show sharper ROI in a narrow lane.
  • Risk relative to Workday: Compliance, permissions, and integration costs can erase the speed advantage at scale. ASOR turns governance into a platform service, which lowers the barrier for startups that plug into the gateway and adopt open protocols. The price of admission is clean interop and transparent audit.

What early adopters will do differently

CIOs who get value from ASOR fast will follow a playbook that looks more like platform engineering than app procurement.

  1. Establish an agent registry
  • Inventory every copilot and agent in use
  • Record owner, purpose, data scopes, models, and cost centers
  1. Bind agents to identity and policy
  • Use enterprise IAM groups and roles for agent entitlements
  • Define policy as code for data masking, approvals, and spending caps
  1. Stand up an Agent Gateway
  • Favor MCP and A2A for tool and agent interop
  • Wrap third‑party agents with standard auth, logging, and rate limits
  1. Land two cross‑functional use cases
  • Payroll exceptions across HR and finance
  • Contract obligation tracking across legal, procurement, and FP&A
  1. Build the human‑in‑the‑loop muscle
  • Require explicit approvals for high‑risk actions
  • Capture feedback and exceptions to improve prompts, skills, and knowledge
  1. Treat cost like a product metric
  • Track cost per task and per approval
  • Set budgets by agent and enforce shutoff rules
  1. Close the learning loop
  • Turn failed actions into updated knowledge or microlearning
  • Measure time to remediation and drop in exception rates

Risk checkpoints for CIOs and boards

  • Over‑permissioning. Agents often need more data than a form‑based bot. Bind access to roles and scopes, not to the agent process itself, and require step‑up approvals for high‑risk data.
  • Shadow gateways. If teams wire agents directly to tools, you lose audit and cost controls. Require all agent traffic to traverse the gateway for common auth and logging.
  • Hallucination risk in high‑impact flows. Long‑tail text generation is less risky than action agents that update payroll, vendor master data, or journal entries. Gate write actions behind approvals and simulate before commit.
  • Model and tool drift. A vendor model change or a tool schema tweak can break plans silently. Add synthetic monitors that run canary tasks and compare planned vs actual steps.
  • Data residency and privacy. Agents that span regions can cross boundaries without noticing. The gateway should enforce residency rules and strip personal data where required.
  • Vendor lock‑in. Insist on MCP and A2A interop, exportable registries, and clear data lineage. Your exit strategy should be a testable runbook, not a slide.

How to measure progress without fooling yourself

  • Cycle time. Median time to resolve a payroll exception, a supplier onboarding, or a policy question
  • Human approval rate. Share of actions auto‑approved vs manual, segmented by risk class
  • Exception rate. Share of agent runs that require human takeover
  • Cost per action. All‑in run cost per closed task compared to baseline
  • Audit completeness. Share of actions with full trace and replay
  • Uptime and MTTR. Reliability metrics for the agent platform itself
  • Net satisfaction. Employee and manager satisfaction with agent outcomes, not with the chat UI

A simple mental model for CIOs

If HCM is the record of people and ERP is the record of money, then ASOR is the record of digital labor. The record is not just storage. It defines identity, authority, duty, and cost. It gives you a control plane for how agents discover tools, plan work, and commit changes. If it runs through ASOR, you can trust it, measure it, and fund it.

Where this goes next

Over the next year, expect three shifts.

  • From chat to plans. Interfaces will look less like chat and more like plan builders with explicit steps, risk checks, and approvals.
  • From vendor suites to protocol ecosystems. Buyers will prefer MCP and A2A compliant agents and tools because they lower total cost of ownership and reduce risk.
  • From pilots to budgeting. Agents will move into planning cycles with real budgets, headcount offsets, and performance targets that finance can model.

Workday’s ASOR and the Sana acquisition light up a credible route to that future. The strategy is not to own every agent, but to govern every agent that matters. If Workday can keep the gateway open, keep governance boring, and keep knowledge fresh through Sana, ASOR becomes the middleware that lets enterprises scale digital labor on purpose rather than by accident.

The bottom line

  • Treat agents like employees with IDs, roles, permissions, and costs
  • Use an Agent Gateway with open protocols for clean interop
  • Anchor governance in HR and finance data where authority and budgets live
  • Land cross‑functional use cases that prove value and harden controls
  • Make learning and knowledge part of the agent lifecycle, not an afterthought

The copilot chapter was about what models could do. The ASOR chapter is about what enterprises can safely run at scale. Workday just gave that chapter a title and a timeline.

Other articles you might like

Workday’s $1.1B Sana bet puts agents under HR-grade control

Workday’s $1.1B Sana bet puts agents under HR-grade control

Workday’s move to buy Sana signals a new phase for enterprise AI. The company is formalizing an Agent System of Record with a partner network and a gateway that treats AI agents like employees with identity, permissions, and auditability.

Artificial Inteligence
·Read more
Chrome + Gemini and the dawn of agentic browsing

Chrome + Gemini and the dawn of agentic browsing

Google is fusing Gemini into Chrome, turning the browser into an active agent that reads, clicks, and completes tasks. Here is how that shift could upend SEO, reshape publisher economics, raise privacy stakes, and change how we build the web.

Artificial Inteligence
·Read more
DeepMind’s Gemini 2.5 hits ICPC gold, and what it means

DeepMind’s Gemini 2.5 hits ICPC gold, and what it means

On September 17, 2025, DeepMind said Gemini 2.5 Deep Think solved 10 of 12 ICPC World Finals problems under contest rules, including one no human team cracked. We unpack what gold‑medal level really means, how multi‑agent reasoning travels to real‑world agents, and the limits that still matter.

Artificial Inteligence
·Read more
Gemini 2.5 hits ICPC gold: what it means for coding agents

Gemini 2.5 hits ICPC gold: what it means for coding agents

DeepMind says Gemini 2.5 Deep Think reached gold medal level at the ICPC World Finals on September 17 with 10 of 12 problems solved. Impressive, but what does it prove about agentic reasoning, real software work, and the tools developers will use next?

Artificial Inteligence
·Read more