Workday, a company that provides enterprise software for HR, finance and IT, has launched Agent Passport, a system that tests and verifies AI agents before they go into production and continues to monitor them afterward. The system applies to agents built by Workday and to third-party agents, and ties each test result to a public industry standard such as the OWASP LLM Top 10, the NIST AI Risk Management Framework or MITRE ATLAS, producing a signed and auditable record of what each agent was tested for and who performed the testing.
The product checks agents against a range of risks before deployment, including prompt injection, jailbreak and goal hijacking, extraction of an agent's own system instructions, leaks of employee data and unsafe outputs. Each result is tied to a public standard and signed by the partner that ran the test, which the company says makes the record independent and comparable across agents from different vendors.
Once an agent is running, Agent Passport monitors its actions in real time and either allows, blocks or routes each task. If a problem is found, a single revocation can stop, limit or restrict the affected agents according to company policy.
Workday's argument for the approach is that most platforms offering agent security testing do the testing themselves, which means the same vendor that built an agent also certifies it as safe. Agent Passport is structured so that the testing is performed by outside partners against public standards.
Each agent's record has three layers: the broad areas of trust that Workday defines and maintains, a set of specific testable claims tied to public standards, and the signed results from the partner that performed the testing. Because every check maps to a public standard, security teams can compare agents from different vendors on the same terms, and two agents carrying the same check from different partners were held to the same requirement.
Cisco, a networking and security company, is the launch partner and is bringing its Cisco AI Defense product to test agents running in Workday before deployment and protect them at runtime. According to the companies, Cisco AI Defense confirms that an agent resists attempts to override its instructions, keeps those instructions from being exposed, protects employee information from leaking and blocks harmful or policy-violating responses before they reach a user, which the companies describe as particularly important for agents handling payroll, benefits and financial data.
"AI agents are now doing the most sensitive work in the enterprise, from onboarding employees to processing payments, and one insecure agent can leak employee data, break compliance, and put the company on the front page for the wrong reasons," said Dean Arnold, vice president, AI Platform, Workday. "Agent Passport gives companies confidence that every agent has been independently tested and verified, and the power to shut any of them down across the business the moment something changes."
"Agents are going to be everywhere in the enterprise, and that only works if security teams have a clear, signed record of what each one has been tested for," said DJ Sampath, senior vice president and general manager, AI Software and Platform, Cisco. "Cisco AI Defense was built for exactly this kind of validation, and we're excited to partner with Workday to secure the agentic workforce."
Agent Passport will be available to early access customers in the second half of 2026, with general availability projected before the end of the year. The Workday and Cisco partnership is active now, with joint capabilities rolling out over the coming quarters.
