← Back
NVIDIA
NVIDIA Launches OpenShell Runtime for Safer Autonomous AI Agent Deployment
· releasefeatureplatformsecurityopen-source · developer.nvidia.com ↗

NVIDIA Introduces NemoClaw and OpenShell

NVIDIA announced NemoClaw, an open-source stack designed to run long-running AI agents (called "claws") more safely. The announcement includes OpenShell, a new Apache 2.0 licensed runtime that serves as the core security layer in the NVIDIA Agent Toolkit. OpenShell enables developers to deploy autonomous agents while maintaining enterprise-grade privacy and security controls.

The Core Problem OpenShell Solves

Traditional agent runtimes lack critical security primitives needed for long-running, self-evolving AI systems. Autonomous agents present a unique threat model: they persist across sessions, spawn subagents, write their own code, execute long-term tasks, and maintain accumulated context. Without proper isolation, every prompt injection becomes a credential leak vector, and every third-party skill represents an unreviewed binary with filesystem access.

OpenShell addresses this by implementing out-of-process policy enforcement—moving security constraints outside the agent's reach. Rather than relying on behavioral prompts or internal guardrails (which agents can override if compromised), OpenShell enforces constraints at the environment level, similar to browser tab isolation models.

Key Features and Capabilities

Core Runtime Components:

  • Sandboxed execution environment specifically designed for long-running agents
  • Out-of-process policy enforcement ensuring agents cannot bypass security constraints
  • Granular permission controls governing what agents can see and do
  • Privacy router controlling where inference workloads execute
  • Session isolation preventing cross-session context leakage

Deployment Model: Developers can deploy agents with a single command: openshell sandbox create --remote spark --from openclaw, requiring zero code changes. OpenShell works with multiple agent types including OpenClaw, Anthropic's Claude Code, and OpenAI's Codex unmodified.

Deployment Flexibility

NemoClaw leverages open-source models like NVIDIA Nemotron and runs across multiple infrastructure tiers: NVIDIA RTX PCs, on-premises deployments, cloud environments, and NVIDIA DGX Spark clusters. The broader NVIDIA Agent Toolkit provides the complete deployment stack including models, tools, evaluation frameworks, and runtimes for building production-ready agents.