World of Workflows: a Benchmark for Bringing World Models to Enterprise Systems

Abstract: Frontier LLMs excel as autonomous agents in many domains, yet they remain untested in complex enterprise systems where hidden workflows create cascading effects across interconnected databases. Existing enterprise benchmarks evaluate surface-level agentic task completion similar to general consumer benchmarks, ignoring true challenges in enterprises, such as limited observability, large database state, and hidden workflows with cascading side effects. We introduce World of Workflows (WoW), a realistic ServiceNow-based environment incorporating 4,000+ business rules and 55 active workflows embedded in the system, alongside WoW-bench, a benchmark of 234 tasks evaluating constrained agentic task completion and enterprise dynamics modeling capabilities. We reveal two major takeaways: (1) Frontier LLMs suffer from dynamics blindness, consistently failing to predict the invisible, cascading side effects of their actions, which leads to silent constraint violations, and (2) reliability in opaque systems requires grounded world modeling, where agents must mentally simulate hidden state transitions to bridge the observability gap when high-fidelity feedback is unavailable. For reliable and useful enterprise agents, WoW motivates a new paradigm to explicitly learn system dynamics. We release our GitHub for setting up and evaluating WoW.

• The paper demonstrates that LLMs struggle with dynamics blindness and constraint violations in enterprise workflows using a detailed ServiceNow simulation.
• It employs a POMDP framework with both tool responses and audit logs to highlight shortcomings in forward and inverse dynamics predictions over multi-step tasks.
• It suggests that integrating symbolic reasoning, model-based reinforcement learning, and active probing is essential for achieving reliable autonomous enterprise agents.

World of Workflows: Benchmarking LLM World Modeling in Enterprise Systems

Motivation and Background

The "World of Workflows" (WoW) benchmark (2601.22130) introduces a new testbed designed to evaluate LLMs on their ability to perform reliable autonomous actions within enterprise software environments featuring cascading, hidden workflows. While prior benchmarks for agentic LLMs in enterprise domains primarily assess surface-level task completion, WoW exposes how crucial system dynamics modeling and partial observability—core concerns in enterprise IT—are to trustworthy performance. The environment is instantiated on a ServiceNow platform, incorporating over 4,000 business rules and 55 active workflows, which trigger non-local, sometimes silent, state changes in response to user or agent actions.

Unlike conventional agentic settings, WoW targets several enterprise-specific challenges:

• Limited Observability: Agents cannot see the full state; instead, they receive partial tool feedback or, in oracle settings, table audit logs.
• Workflow-Caused Dynamics: Ordinary actions may launch background workflows that have far-reaching, indirect state transitions.
• Constraint Complexity: Many constraints are latent and triggered or violated only through multi-step, non-obvious mechanisms, frequently leading to silent failures.
• Large, Relational State Spaces: The number of tables and records is vast, exacerbating partial observability and credit assignment problems.

WoW thus operationalizes the partially observable Markov decision process (POMDP) setting, where the agent must maintain and update a belief over hidden system state, closely reflecting real-world enterprise conditions.

Environment and Benchmark Structure

The WoW environment is built with granular fidelity, leveraging ServiceNow's backend to simulate actual IT operations across user, incident, asset, knowledge base, catalog, and expense management.

WoW agents act via Model Context Protocol (MCP) tools—API wrappers for CRUD operations—over a combinatorially large action space (free-form parameters). Observations are either:

• Standard tool responses ($\mathcal{O}_{tool}$): Immediate outputs or error strings, with little insight into underlying state changes.
• Oracle audit logs ($\mathcal{O}_{audit}$): Structured change logs showing which tables and fields were updated, introducing tractable but not complete state introspection.

Workflows encode non-trivial process logic. For example, asset assignment can decrement a user’s clearance level, which in turn triggers another workflow to revoke other assets—a chain invisible to the agent under standard observation.

Figure 1: A single agent action can activate a chain of hidden workflow state changes, resulting in constraint violations unobservable from standard feedback alone.

In comparison to prior enterprise benchmarks, WoW explicitly models complex, system-driven workflows and supports task designs that cannot be reliably solved by naively accumulating observed evidence, as shown in the comparative illustration:

Figure 2: Unlike previous benchmarks, WoW requires agents to predict the impact of hidden workflows and track underlying data flow to follow constraints.

Task Categories and Agent Evaluation

The WoW-bench benchmark comprises 234 tasks across four classes, each reflecting a different axis of agentic and world modeling competence:

1. Constraint Understanding: Can the agent detect/avoid violations triggered by hidden workflows, especially when local observations suggest compliance?
2. Agentic Task Completion: Does greater state visibility close the reliability gap in long-horizon, multi-step enterprise tasks? An ablation across $\mathcal{O}_{tool}$ vs. $\mathcal{O}_{audit}$ is used to answer this.
3. Audit Prediction (Forward Dynamics Modeling): Can the agent, given an action, predict downstream audit changes—the symbolic world model task?
4. Action Prediction (Inverse Dynamics Modeling): Can the agent, given a series of observed audits, infer the sequence of tool calls that caused them?

The environment supports sampling of tool-usage trajectories via a tool-dependency graph, eliminating reliance on hand-crafted evaluation paths and promoting thorough coverage of complex state transitions.

Figure 3: The tool-based dependency graph captures the structure of inter-tool dependencies essential for realistic, connected agent trajectories.

Constraint tasks are particularly adversarial, intentionally crafted so that apparent action compliance under partial observability yields hidden violations through multi-hop workflow chains.

Main Empirical Findings

LLMs exhibit marked deficiencies as world models in enterprise contexts, characterized by:

• Dynamics Blindness: Agents routinely fail to anticipate cascading workflow-induced consequences, with constraint-compliant actions silently resulting in failures.
• Lack of Symbolic Grounding: Most errors arise from inability to map between textual identifiers and system-level objects (e.g., using usernames instead of sys_ids), especially in audit and action prediction.
• Limited Causal Reasoning: Long-horizon tasks requiring multi-step tracking of state or constraint satisfaction are rarely completed successfully; attention decay and loss of long-term dependencies are prevalent.

Strong numerical results include:

• With only tool response observations ($\mathcal{O}_{tool}$), state-of-the-art LLMs achieve as low as 2% task success rate under constraint (TSRUC), even if overall task success (TSR) is higher.
• Access to detailed audit logs ($\mathcal{O}_{audit}$) increases TSRUC, but only up to 14–30% (model-dependent), demonstrating that information completeness is necessary but not sufficient.
• Constraint understanding accuracy can increase by up to 10x with table audit observations, but remains far from perfect.
• Audit prediction (forward world modeling) IoU remains below 30% for all models across K-step rollouts, with full accuracy close to zero, indicating the absence of robust forward dynamics models.
• Action prediction (inverse modeling) full accuracy is under 30%, with even tool name accuracy not exceeding 81.7% for any LLM tested.

  Figure 4: Aggregate performance of frontier LLMs across all WoW-bench task categories, highlighting the substantial performance gap from real enterprise reliability.

Error Taxonomy and Analysis

A detailed error analysis classifies failure modes across three axes:

• Representation Gap: Agents rely on unstructured token manipulation instead of grounded symbolic state, causing frequent entity misidentification and parameter mismatches.
• Dynamics Gap: Audit prediction is dominated by omissions of non-local side effects; LLMs lack any robust $P(s_{t+1}|s_t,a_t)$ model for enterprise environments.
• Causal Gap: Multi-hop, temporally remote constraint dependencies are not maintained; agents optimize for immediate action success, ignoring downstream effects.

Neither scaling context nor simplistic improvements to tool use enables reliable constraint satisfaction or robust long-horizon planning.

Implications for Agentic System Design

These findings have direct theoretical and practical implications:

• Enterprise LLM agents cannot be constructed via scaling reactive or purely instruction-following architectures. Explicit investment in structured state representations and model-based RL for workflow/dynamics simulation is required.
• Audit logs enable measurable improvement, but are impractical at scale due to overhead and access control. Agents must learn to internally simulate latent system dynamics.
• Zero-shot generalization is fundamentally limited in workflow-centric, partially observable domains. Active probing and epistemic action selection are necessary.

Enterprise autonomy cannot be achieved by prompt engineering alone; the community is compelled toward dynamics-aware, state-grounded, and epistemically active agent architectures.

Future Directions

WoW provides an open-ended environment for advancing symbolic world modeling in agentic LLMs. Immediate avenues for future research include:

• Model-based RL methods integrating audit prediction as an auxiliary task to improve environment simulation fidelity.
• Symbolic memory and entity abstraction mechanisms for robust mapping between natural language and database state.
• Active querying strategies where the agent issues information-gathering actions to reduce state uncertainty and learn hidden workflow effects.

  Figure 5: Selected examples of high-complexity workflows in WoW that illustrate the intricate, often hidden, enterprise process logic agents must model.

Conclusion

The "World of Workflows" benchmark establishes a critical empirical foundation for evaluating and advancing LLM world modeling in enterprises. Through its workflow-centric data model, partial observability, and emphasis on constraint-centric robustness, WoW fills essential gaps not addressed by prior agentic benchmarks. It demonstrates that robust enterprise autonomy must move beyond reactive, text-only paradigms, demanding deep integration of world modeling, symbolic reasoning, and explicit environment dynamics simulation. WoW sets a new standard for diagnosing, benchmarking, and ultimately closing the gap toward trustworthy enterprise AI agents.