Two announcements dropped this week that, taken together, signal something bigger than either story alone. On June 2, Workday launched Agent Passport — a system that tests and verifies every AI agent before it touches production data. On June 3, NetFoundry launched enterprise-grade Zero Trust gateways specifically for LLM APIs. Neither is a startup. These are mature enterprise software organisations building compliance and security infrastructure for AI agents.
What Workday Actually Shipped
Agent Passport isn't a marketing concept. It's a testing and attestation pipeline that applies to every AI agent operating inside Workday's ecosystem — whether Workday built it or a third party did. Every agent gets tested against the OWASP LLM Top 10, mapped to NIST AI RMF controls, and cross-referenced with MITRE ATLAS threat vectors. When an agent passes, it gets a signed, auditable record of exactly what it was tested for.
The signed record part matters more than people are giving it credit for. This isn't a checkbox. It's a verifiable artefact — the kind of thing a CISO can point to during an audit. That's the same posture enterprises adopted for production APIs around 2015, and it fundamentally changed how engineering teams operated.
“Every AI agent — Workday-built or third-party — must pass security and compliance attestation before it touches production. The era of 'we'll figure out governance later' is closing.”
NetFoundry and the Zero Trust Layer for LLMs
NetFoundry's gateway model eliminates API key distribution and port exposure entirely. Agents get Zero Trust access to LLM providers — OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, Google Vertex AI, Ollama — authenticated, policy-controlled, and auditable, without the credential sprawl that currently makes enterprise AI deployments a security team's nightmare.
The M&A Layer Confirms the Trend
Asana acquired StackAI (no-code agent execution infrastructure). Palo Alto Networks acquired Portkey (AI gateway for routing, observability, and runtime policy). When Palo Alto Networks decides the AI gateway layer is worth acquiring, that's a strong signal about where security engineering attention is heading.
OWASP LLM Top 10 Is Becoming the Standard
The fact that Workday anchored Agent Passport to OWASP LLM Top 10 matters. OWASP frameworks become standards because they give compliance teams and engineers a shared vocabulary. Prompt injection, insecure output handling, training data poisoning — these aren't theoretical. Expect OWASP LLM Top 10 in vendor contracts and job descriptions within 12 months.
The Role That's Forming
AI agents are being treated like production software — which means they need security reviews, compliance sign-off, audit trails, and ongoing monitoring. Every one of those requirements maps to an engineering function that most organisations either don't have, or have spread awkwardly across security, ML, and platform teams. The skill set that function calls for:
- Fluency with LLM behaviour — context windows, prompt injection mechanics, output reliability, agentic tool use
- Working knowledge of OWASP LLM Top 10, NIST AI RMF, and MITRE ATLAS
- Experience with API security, Zero Trust architecture, and credential management
- Ability to design and document audit trails and attestation processes
- Understanding of enterprise compliance requirements (SOC 2, HIPAA, GDPR as they apply to AI systems)
- Familiarity with AI observability tooling — monitoring agent behaviour in production, not just at deployment
The Career Opportunity Is Real and It's Early
Most organisations deploying AI agents today don't have anyone whose explicit job is AI governance and security. Engineers who build this combination of skills now are positioning for a role that will exist formally at most enterprises within two to three years. This is what the cloud security engineering opportunity looked like in 2012.
The infrastructure is taking shape faster than most people realise. The remaining gap is the human function — the engineering discipline that runs this infrastructure, maintains the audit trail, and keeps agents compliant as models evolve. That gap is the opportunity.