Workday’s $1.1B Sana bet puts agents under HR-grade control

Workday’s move to buy Sana signals a new phase for enterprise AI. The company is formalizing an Agent System of Record with a partner network and a gateway that treats AI agents like employees with identity, permissions, and auditability.

Talos
Artificial Inteligence
Workday’s $1.1B Sana bet puts agents under HR-grade control

The deal that makes agents everyone’s problem

On September 16, 2025, Workday said it would acquire Swedish AI firm Sana for about $1.1 billion. The company framed Sana as the front door for work, combining AI search, learning, and proactive agents directly with Workday’s HR and finance context. The transaction is slated to close by January 31, 2026, pending customary approvals. Workday’s own announcement set the tone: agents are no longer side projects; they will be managed alongside people and money at the core of the enterprise stack (Workday signs definitive agreement to acquire Sana).

The Sana deal caps a year in which Workday formalized its Agent System of Record, introduced an Agent Partner Network, and launched an Agent Gateway to connect third party agents. Read together, these moves lay out a simple thesis: if agents will touch HR and finance workflows, they need HR and finance grade governance. The acquisition provides the user experience and knowledge layer to make those agents visible, useful, and safe where employees already live.

Why an “Agent System of Record” is suddenly essential

For a decade, enterprise AI lived in pilot mode. That is changing as teams shift agents from chat widgets to workflow actors that log into systems, create tickets, request budget, schedule interviews, and move money. Once agents have hands on real levers, a new control plane becomes mandatory.

Here is what buyers now need that generic LLM platforms rarely provide out of the box:

  • Identity at parity with humans. Agents need unique IDs, owners, purpose statements, and profiles tied to a legal entity. That profile must support least privilege, separation of duties, and data residency. It should also make it obvious who is on the hook if an agent misbehaves.
  • Role based permissions you can audit. Assigning granular scopes is not just a UX toggle. Enterprises need policy-as-code to define which data an agent can read, which actions it may execute, and when human approval gates are required. The policy must be reportable and testable during audits.
  • A consistent ledger of everything agents do. Think of an agent activity journal that captures prompts, tools called, data touched, decisions made, and outcomes. You need this for SOX, SOC 2, ISO, GDPR, and for your own forensics when something goes wrong.
  • Cost and ROI visibility. Executives will ask how many hours were saved, which queues were cleared, and what the net effect on gross margins or DSO was. Agent outcomes must map to business KPIs, cost centers, and chargeback models just like headcount and SaaS.
  • Lifecycle management. Onboarding, offboarding, rotation, performance reviews, and recertification now apply to non-humans. That means standardized creation flows, periodic permission recertification, emergency kill switches, and retirement processes.

An Agent System of Record (ASOR) packages these capabilities the way an HRIS system packages worker data. Workday’s pitch is that you should provision, govern, and measure agents in the same place you already govern people and spend, with controls that auditors already recognize.

The control plane: Agent Partner Network and Agent Gateway

Workday’s Agent Partner Network signals that agents will come from many places: Workday itself, big consultancies, cloud providers, and startups. The network approach is pragmatic. Most enterprises will run a fleet of agents that span HR, finance, IT, security, and line-of-business use cases. Buyers want a way to vet, purchase, and operate those agents under one set of enterprise policies.

The Agent Gateway is the technical counterpart. It gives partners a way to connect their agents into Workday’s governance fabric using shared protocols and standardized handshakes. Crucially, that gateway is not just a marketplace installer. It is a set of patterns for identity, permissions, telemetry, and policy that keeps agents aligned to business controls.

Two things make this approach more than branding:

  • It treats agents as first class entities with identities, not ephemeral chat sessions. That unlocks ownership, accountability, and revocation.
  • It routes agent-to-system and agent-to-agent interactions through a control plane where policy and audit live, rather than pushing each vendor to reimplement governance in a silo.

Open standards are finally converging

The industry has been circling around a small set of open patterns to wire agents to tools. Workday explicitly pointed to Model Context Protocol and agent to agent protocols in its gateway strategy. This matters for two reasons. First, standards reduce bespoke integrations and vendor lock-in. Second, they make it feasible to apply uniform security policy to heterogeneous agents, because the way tools are described, called, and logged is compatible across vendors.

What started as developer convenience is turning into compliance infrastructure. The more vendors adopt common message formats and transport patterns, the easier it becomes for a platform like Workday to police actions and create cross vendor audit trails.

Governance is getting real across the stack

Workday is not alone in pushing governance closer to the metal. Microsoft has been adding enterprise controls to Copilot Studio that mirror the needs of security and compliance teams. Two stand out because they close gaps that previously kept CISOs from greenlighting agent fleets:

  • A tenant wide agent inventory so administrators can see every agent in one view, with ownership and status, instead of spelunking through environments.
  • An agent quarantine function to immediately isolate a misbehaving or compromised agent while an incident is investigated, with unblock flows aligned to existing admin tooling (Copilot Studio adds quarantine for agents).

The pattern is clear. As agents move from experiments to production, vendors are normalizing the same primitives: inventory, policy, isolation, analytics, and cost reporting. Buyers should expect to see similar controls land in ITSM, CX, and data platforms over the next year.

What this means for vendors

  • HR and finance platforms become agent control planes. Workday is making the case that governance should live where money, roles, approvals, and organizational context already live. Expect Oracle, SAP, and ServiceNow to sharpen their stories around agent identity and policy anchored in their existing data graphs.
  • The marketplace becomes the distribution channel for agents. If fleets of agents need standardized onboarding and ongoing compliance, marketplaces must evolve beyond app listings into curated catalogs with security attestations, permission templates, and ROI benchmarks. Vendors that can pre-integrate lifecycle and telemetry will win shelf space.
  • Standards are strategic. Vendors that support common protocols will integrate faster and inherit platform governance. Those who resist will face longer sales cycles as customers demand custom audits and compensating controls.
  • Differentiation shifts to outcomes and assurance. If plumbing is standardized, winners will be those who prove measurable business impact with compliance friendly runbooks. Expect third party validation programs and reference playbooks to become part of enterprise buying.

What this means for buyers over the next 12 months

The immediate question for most teams is build or buy. The answer will vary by use case, but a few patterns are emerging:

  • Buy the control plane, build or buy the agents. Few enterprises want to stitch together identity, permissions, audit, and DLP across 10 tools. Let a platform provide the ASOR, then build agents for your unique processes and buy agents for commodity tasks like interview scheduling, invoice triage, or knowledge retrieval.
  • Start with high frequency, bounded risk workflows. Think reconciliations, ticket triage, accrual checks, or policy Q&A backed by authoritative sources. These offer fast ROI, clear success metrics, and low blast radius.
  • Treat agent owners like managers. Assign accountable owners with budget, service level targets, and a quarterly review of metrics and incidents. Make ownership explicit in the system, not in a slide deck.
  • Insist on policy as code and provable audit. Ask vendors to show you the JSON for permission scopes, the event stream for agent actions, and the retention policy that keeps you compliant without retaining sensitive prompts forever.
  • Model cost and benefit per agent. Track tokens and API calls if needed, but normalize to a unit that finance respects. For example, cost per case resolved, cost per hire accelerated, or hours saved per quarter.

A practical evaluation checklist

When you run RFPs or proof of value projects, put these questions on the first page:

Identity and permissions

  • Can the platform register each agent with a unique, queryable identity linked to an owner and cost center?
  • Can we grant least privilege with action level scopes and time bound access? Can we enforce two person approvals for sensitive actions?

Audit, safety, and controls

  • Do we get a tamper evident, exportable log of prompts, tools, and outcomes? Can we replay sessions for forensics without exposing sensitive data?
  • Is there a tenant wide inventory, version history, and standardized offboarding? Is there a single red button to quarantine an agent across all surfaces?

Data, privacy, and compliance

  • How are DLP and data residency enforced for both inputs and outputs? Can we route traffic to approved models and regions?
  • What is the retention policy for prompts, embeddings, and tool outputs? How do we meet data subject requests?

Operations and economics

  • Can we set budgets, rate limits, and alerts per agent or group of agents? Can we map run costs to business outcomes?
  • What SLAs exist for the control plane and for vendor provided agents? How are incidents communicated and remediated?

Standards and integration

  • Which open protocols are supported for tool calling and agent collaboration? How easy is it to onboard custom agents and tools?
  • Can the platform enforce policy consistently across partner and custom agents via the gateway, not just within native tools?

How Workday’s Sana buy changes buyer posture

Sana gives Workday a user facing layer that makes agents feel like part of daily work rather than something you visit in a separate chat tab. If Workday can align Sana’s search and learning experiences with the ASOR, employees will discover trusted agents in context, with permissions and audit already set up. That reduces shadow agent risk and shortens time to value by meeting users inside processes they already trust.

The acquisition also raises the bar for experience quality in agent deployments. If Sana style generative experiences become the default inside Workday, buyers will expect similarly polished agents across finance, IT, and CX. Vendors selling rough prototypes will struggle.

Most importantly, the deal legitimizes the idea that agents deserve a formal system of record. Once that idea sticks, it becomes harder for point solutions to win without plugging into a platform’s control plane. That is good for risk reduction and operational consistency, even if it narrows the field of build it yourself options.

What to do next

  • Inventory your agents and proposals. Create a single list that names each agent, owner, purpose, systems touched, data classifications, and current status. If you cannot produce this list in a day, you are not ready to scale.
  • Choose your control plane. Decide whether your HR and finance system will be the ASOR, or whether you will use a different platform and federate identity and policy. Make the choice explicit and write down the standards you will require across vendors.
  • Run two proofs of value with different risk profiles. One in a high volume, low risk domain to prove ROI quickly. One in a sensitive domain with strict controls to prove governance. Measure both and compare.
  • Add quarantine and kill switch steps to incident playbooks. Test them. Add agent recertification to quarterly access reviews.
  • Negotiate analytics and cost transparency into every agent contract. If a vendor cannot export usage and outcomes, you cannot prove value.

The bottom line

Workday’s Sana purchase is not just another AI acquisition. It is the clearest signal yet that enterprises will treat AI agents like coworkers with badges, budgets, and bosses. The winners in 2026 will be the teams that make agents observable, governable, and measurably useful. The tools are arriving. The operating model is up to you.

Other articles you might like

How SEC’s new rules unleashed Dogecoin and XRP ETFs overnight

How SEC’s new rules unleashed Dogecoin and XRP ETFs overnight

The SEC’s Sept 17 approval of generic listing standards for commodity-based ETPs, paired with July 29 in-kind creation and redemption orders, cleared the path for Cboe to list REX‑Osprey’s Dogecoin and XRP ETFs on Sept 18. Here is what changes next.

Cryptocurrencies
·Read more
Gemini in Chrome makes agentic browsing mainstream at last

Gemini in Chrome makes agentic browsing mainstream at last

Google’s September rollout of Gemini inside Chrome is the moment agentic browsing jumps from demo to default. Here is what tab‑aware synthesis and upcoming multi‑step, cursor‑driven automation mean for search, ecommerce, privacy, extensions, and your roadmap.

Artificial Inteligence
·Read more
Israel’s Iron Beam enters service: per shot shield math

Israel’s Iron Beam enters service: per shot shield math

Israel says its 100 kilowatt class Iron Beam will be ready for operational use later in 2025. If lasers really cut interception costs to a few dollars, the economics of barrages and drone swarms change fast. Here is how and where it still breaks.

Military
·Read more
Ghost Shark goes fleet: Australia’s bet on autonomous subs

Ghost Shark goes fleet: Australia’s bet on autonomous subs

Australia just moved Ghost Shark from prototype to fleet, committing A$1.7 billion to field dozens of extra‑large autonomous subs within five years. The decision signals a pivot from slow, crewed AUKUS timelines to scalable undersea autonomy.

Military
·Read more
Speed to Power: How AI Will Fast-Track a New U.S. Grid

Speed to Power: How AI Will Fast-Track a New U.S. Grid

Washington’s new Speed to Power push aims to deliver the electricity surge needed for AI and data centers by fast-tracking generation and transmission. Here is how it works, who benefits, who pays, and what it means for prices and emissions.

Energy
·Read more
Retro’s Autophagy Alzheimer’s Pill Enters Human Trials

Retro’s Autophagy Alzheimer’s Pill Enters Human Trials

Retro Biosciences will dose its first Alzheimer’s patients in Australia with RTR242, an autophagy-boosting pill. The study is a test case for proving longevity mechanisms through disease endpoints, and for a new path in regulation and funding.

Longevity
·Read more