Workday used DevCon 2026 to make a developer argument that could reshape how ERP teams think about build versus buy. The company announced on June 2 Developer Agent, Agent-Ready Tools, Agent Passport, and a Workday Data Cloud integration with AWS.
The announcements give customers a clearer view of Workday’s agent strategy:
- Developers can build in the tools they already use.
- Agents can access Workday data through governed connectors.
- Security teams can verify agents before they act inside HR, finance, and IT workflows.
That is a different posture from the classic enterprise application model, where customers buy the suite, configure inside the suite, and wait for the vendor’s release cycle to deliver the next layer of functionality. Workday is trying to hold the governance layer while letting more agent development happen outside its own interface.
For ERP transformation leaders, that evolves the practical question beyond whether a Workday customer should build only inside Workday or buy only from Workday. The harder question is which parts of agent development belong in the customer’s own AI tooling, which parts should stay inside Workday, and which governance functions the enterprise cannot afford to rebuild from scratch.
Developer Agent and External Builder Workflow
Developer Agent plugs into agentic development tools including Claude Code, Cline, Codex, Cursor, and Google Antigravity. Workday says developers can use plain language to build AI apps and agents on the Workday platform, with Developer Agent selecting the relevant Agent-Ready Tools, connecting data and services, and pulling in documentation and examples.
Workday is acknowledging that developer experience is increasingly shaped outside the ERP vendor’s own development environment. Builders are already using AI coding tools, agentic IDEs, and prompt-driven workflows. Instead of forcing those teams back into a Workday-only interface, Workday is trying to make its platform available inside the tools developers have already adopted.
The strategic concession is useful for customers. Many enterprises have central Workday teams, internal developers, implementation partners, and AI builders working across different tools. Developer Agent gives Workday a way to participate in that environment without asking every builder to abandon their preferred workflow.
It also changes the role of Workday Extend. Extend still is the platform layer for custom Workday apps and agents, but Developer Agent shifts some of the attention from specialist platform development toward business-led agent creation. That could lower the barrier to building tailored HR and finance workflows, especially for customers with limited Workday developer capacity.
The risk is governance drift. Faster agent creation can produce useful automation, but it can also create duplicative agents, unclear ownership, uneven testing, and workflows that are hard to support. Workday’s next challenge is making developer speed compatible with enterprise control.
Analysis
What this means: Faster agent creation will expose weak internal ownership models. Workday is making it easier for developers, partners, and business teams to build around HR and finance workflows, but speed can quickly turn into duplication if no one owns the agent portfolio. The next readiness test is not whether a company can build agents, but whether it can decide which ones deserve to exist, who supports them, and when they get retired.
Agent-Ready Tools as Business Logic Layer
Agent-Ready Tools are the operational core of the announcement. Workday describes them as connectors built specifically for autonomous agents rather than traditional APIs built for system-to-system integration. They are designed to let agents take actions such as looking up a record, updating a benefit, or triggering an approval while inheriting Workday’s security model, delegation rules, business process controls, and audit trail.
That is where the ERP relevance sits. An agent that touches payroll, benefits, workforce planning, procurement, or financial data needs more than access. It needs the rules that determine who can see the data, what action is allowed, what approval path applies, and how the action will be logged.
Agent-Ready Tools give Workday a way to expose business logic to developers without asking them to recreate it. Hundreds of Workday tools connect through open standards such as Model Context Protocol and developers can extend actions beyond Workday through thousands of Pipedream connectors.
The architecture positions Workday as a governed action layer for enterprise agents. A developer may build in Cursor or Claude Code, but the agent still has to call Workday’s tools when it wants to act on HR or finance data. That is a stronger enterprise position than owning only the development interface because it anchors value in permissions, process logic, and auditability.
Agent Passport and Enterprise Trust Model
Agent Passport is the announcement most likely to resonate with security, risk, and board-level audiences.
Workday says Agent Passport will test, verify, and continuously monitor Workday-built and third-party AI agents before and after deployment. The checks are tied to public standards including OWASP LLM Top 10, NIST AI RMF, and MITRE ATLAS, with Cisco serving as the first attestation partner through Cisco AI Defense.
The model gives security teams a signed, auditable record of what an agent was tested for, who tested it, and which standard the test maps to. That matters because agent risk is difficult to evaluate through vendor claims alone. Prompt injection, jailbreaks, system prompt extraction, employee data leakage, and unsafe outputs create different kinds of exposure when agents can act inside HR and finance workflows.
Independent attestation also creates a path toward comparability. If two agents from different vendors are tested against the same public standard, security teams gain a common reference point. That does not eliminate risk, but it gives enterprises a more structured way to decide which agents can move into production, which need limits, and which should be blocked.
This is still an emerging control model. CIO reported that Workday is working through questions of accountability if a tested agent later misbehaves, and Agent Passport starts with Cisco as the sole testing partner. That makes the early rollout important. Customers will need to see how broadly Workday expands the attestation ecosystem, how revocation works in practice, and how Agent Passport interacts with existing identity, security, and compliance tools.
Analysis
What this means: Agent trust will become a buying conversation. Agent Passport points to a market where enterprises will ask for proof that an AI agent has been tested, monitored, and tied to recognized standards before it touches sensitive business workflows. That shifts evaluation away from demo-ready automation and toward harder questions about evidence, accountability, revocation, and what happens when a third-party agent behaves erratically.
Sponsor Industry‑Grade Research
Data Cloud as Agent Context Layer
The AWS integration expands the same strategy into data architecture.
Workday says developers will get bi-directional zero-copy access between AWS data and AI services and Workday’s governed HR and finance data. Workday Data Lake, Workday Data Connect, and Workday Live Data Query are available to early adopter customers, with AWS early access coming soon.
The Workday argument is agents need business context before they can act reliably. HR and finance data is not just a set of tables. It carries definitions, permissions, metric logic, organizational structures, and process rules that shape how decisions should be made.
Zero-copy access fits the way many enterprises already build AI and analytics workloads in hyperscaler environments. If developers can point AWS tools, including Amazon Bedrock, at governed Workday data without duplicating pipelines or recreating business logic, Workday becomes more useful to teams building outside the core application.
That also reinforces the platform shift. Workday is not only trying to keep users inside its suite. It is trying to make Workday data, permissions, and business definitions travel into the places where developers are already building.
Availability, Adoption, Execution Risk
Developer Agent and Agent-Ready Tools are available now to early access customers through Workday Extend Professional, with general availability projected for the second half of 2026. Agent Passport is expected to reach early access customers in the second half of 2026 and general availability before year end.
Workday’s Agent System of Record is generally available, giving customers a central place to gain visibility and control over AI agents. Together, these releases show how Workday wants to govern agents whether they are Workday-built, customer-built, partner-built, or connected through third-party systems.
The execution test starts now. In a market where AI agents can be built quickly, the vendor that governs access to people, money, business process, and audit trails may hold a stronger position than the vendor that owns only the coding surface. Workday needs developers to adopt the tools, security teams to trust the attestation model, partners to build against the new architecture, and customers to prove they can operationalize agents without creating new control gaps.
Analysis
What this means: Build-versus-buy is less about cost and more about control. Workday’s message is that customers can build more themselves, but the parts that determine risk still sit in permissions, process rules, audit trails, data access, and lifecycle management. The companies that benefit most will be the ones that treat agent development like an operating model decision, not a shortcut around ERP governance.



