Workday Agent Passport Gives Every Enterprise AI Agent a Verified ID
Workday's new Agent Passport tests, verifies, and continuously monitors every AI agent against OWASP, NIST, and MITRE standards — with Cisco AI Defense as a launch partner.
Giving AI Agents a Trustworthy Identity
Here is the security problem of 2026 in one sentence: companies are deploying fleets of AI agents that can act on their own, and most have no rigorous way to prove which agents are safe to run. On June 2, 2026, at Workday DevCon, Workday introduced Agent Passport to tackle exactly that — a system to test, verify, and continuously monitor every AI agent in the enterprise, whether Workday built it or it came from a third party.
Think of it as a background check plus an ongoing health monitor for autonomous software. And the design choices behind it are refreshingly grounded.
Test Before Production, Then Keep Watching
The core idea is simple and sound: an agent earns its "passport" by being evaluated before it reaches production, and then it stays monitored after deployment. That two-phase approach matters. Plenty of security tools check software once at the gate and never look again — but an AI agent's behavior can drift as its model, tools, or instructions change. Continuous monitoring treats the agent as a living thing, not a one-time approval.
Crucially, the program covers third-party agents too. In practice, enterprises will run a mix of homegrown and vendor-supplied agents, so a verification scheme that only blesses your own would leave the biggest blind spot wide open.
Built on Public Standards: OWASP, NIST, and MITRE
What earns my respect here is that every attestation ties back to a public industry standard rather than a proprietary checklist. Workday points to the OWASP LLM Top 10, the NIST AI Risk Management Framework, and MITRE ATLAS as the benchmarks each agent is tested against.
That is the right call. Standards-based verification produces a signed, auditable record of exactly what an agent was tested for — and who did the testing. When your security team, your auditors, and your regulators can all read from the same rulebook, trust becomes portable instead of a matter of taking a vendor's word for it.
Cisco AI Defense as an Independent Checker
Workday also brought in Cisco as a launch partner, using Cisco AI Defense to independently evaluate agents. Independent testing is a quiet but powerful trust signal: it is far more convincing when a separate party validates an agent than when the platform grades its own homework. This kind of cross-vendor cooperation is exactly what a healthy agentic-security ecosystem should look like.
A Sensible Step for the Agentic Enterprise
Agent Passport is rolling out to early-access customers in the second half of 2026, with general availability targeted before year-end. The timeline is measured, which suits security work — you want this kind of capability hardened, not rushed.
The bigger picture is encouraging. As autonomous agents move from pilots into real workflows, identity, attestation, and continuous monitoring are becoming foundational rather than optional. Agent Passport is a clear, standards-anchored move toward making AI agents accountable — and that is how you let teams adopt agentic AI with confidence instead of crossed fingers.
Sources: Workday Newsroom, "Workday Launches Agent Passport to Test, Verify, and Continuously Monitor Every AI Agent in the Enterprise" (June 2, 2026); Cisco Blogs, "Enterprise Agentic Security, Built for Platform Builders" (June 2026).