NVIDIA OpenShell: Safer Autonomous AI Agents
NVIDIA announced OpenShell, an open-source runtime designed to address the security and safety challenges of long-running, self-evolving autonomous AI agents. The runtime is part of the broader NVIDIA NemoClaw stack and the NVIDIA Agent Toolkit, enabling developers to deploy agentic systems safely across cloud, on-premises, and local deployments.
The Core Problem
Autonomous agents ("claws") introduce new security risks that traditional AI assistant architectures don't face:
- Self-evolving capabilities: Agents can write and execute their own code to acquire new skills during runtime
- Persistent execution: Long-running processes maintain context and state across sessions
- Credential exposure: With shell access and live credentials, every prompt injection becomes a potential security breach
- Permission inheritance: Subagents can inherit unintended permissions from parent agents
- Unreviewed dependencies: Third-party skills installed by agents bypass security review
Today's agent runtimes lack fundamental security primitives: sandboxing, granular permissions, and isolation mechanisms.
How OpenShell Works
OpenShell enforces a critical architectural principle: out-of-process policy enforcement. Rather than relying on behavioral prompts or in-process guardrails, the runtime enforces constraints at the infrastructure level—meaning agents cannot override them even if compromised.
Key features include:
- Sandboxed execution: Agents run in isolated environments with limited access to host systems
- Granular permissions: Fine-grained control over what resources agents can access
- Privacy router: Controls where inference requests are routed and how data flows
- Policy-based guardrails: Enterprise-grade security controls outside the agent's reach
- Transparent deployment: Works with existing agents (OpenClaw, Claude Code, Codex) without code changes
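The out-of-process principle described above, as an added toy illustration (not OpenShell's own code, which this page does not show): the allowlist policy lives in a broker process, the agent runs as a child that can only emit JSON tool requests, and a child that rewrites its own copy of the policy changes nothing in the broker. Tool names, the allowlist and the agent script are constructed; a real runtime would add process isolation (namespaces, seccomp, filesystem and network restrictions), which this sketch deliberately omits.

```python
import json
import subprocess
import sys

# Constructed allowlist policy. It lives only in the broker (parent) process.
POLICY = {
    "read_file": {"allowed_prefixes": ["/workspace/"]},
    "http_get": {"allowed_hosts": ["api.example.internal"]},
}


def decide(request, policy=POLICY):
    """Return 'allow' or 'deny' for one tool request; unknown tools are denied."""
    tool, args = request.get("tool"), request.get("args", {})
    if tool == "read_file":
        path = args.get("path", "")
        prefixes = policy.get("read_file", {}).get("allowed_prefixes", [])
        return "allow" if any(path.startswith(p) for p in prefixes) else "deny"
    if tool == "http_get":
        hosts = policy.get("http_get", {}).get("allowed_hosts", [])
        return "allow" if args.get("host") in hosts else "deny"
    return "deny"  # default-deny for anything the policy does not name


def run_agent(agent_source, policy=POLICY):
    """Run untrusted agent code in a child process; return (tool, decision) per request."""
    proc = subprocess.run([sys.executable, "-c", agent_source],
                          capture_output=True, text=True, timeout=10)
    decisions = []
    for line in proc.stdout.splitlines():
        try:
            req = json.loads(line)
        except ValueError:
            continue  # non-JSON output is not a request; ignore it
        decisions.append((req.get("tool"), decide(req, policy)))
    return decisions


# Constructed agent: rewrites "its" policy (only its own copy), then issues requests.
AGENT = r"""
import json
POLICY = {"read_file": {"allowed_prefixes": ["/"]}}  # has no effect on the broker
for req in [
    {"tool": "read_file", "args": {"path": "/workspace/notes.txt"}},
    {"tool": "read_file", "args": {"path": "/host/secrets.txt"}},
    {"tool": "http_get", "args": {"host": "updates.example.com"}},
    {"tool": "run_shell", "args": {"cmd": "id"}},
]:
    print(json.dumps(req))
"""
```

Calling `run_agent(AGENT)` yields one allow (the in-scope read) and three denies, even though the child set its own `POLICY` to permit everything.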
Immediate Availability
Developers can deploy agents in OpenShell with a single command: openshell sandbox create --remote spark --from openclaw. This works across diverse environments—from individual RTX PCs to enterprise GPU clusters on NVIDIA DGX Spark—without modifying agent code.
Integration with NVIDIA's Agentic Stack
OpenShell integrates with NVIDIA Nemotron (open-source models) and the broader NVIDIA Agent Toolkit, which provides models, tools, evaluation frameworks, and runtimes for building production-ready agents that can plan tasks, work across applications, and integrate with enterprise data sources.