NVIDIA Announces OpenShell Runtime for Safer AI Agents
NVIDIA introduced NemoClaw, an open source stack that simplifies deployment of autonomous AI agents—called "claws"—with integrated security and privacy guardrails. The announcement includes the NVIDIA OpenShell runtime, part of the broader NVIDIA Agent Toolkit, which sits between agents and infrastructure to govern execution, permissions, and data access.
The Problem: Uncontrolled Agent Risk
Long-running, self-evolving agents like OpenClaw present a fundamental security challenge. Unlike stateless chatbots, these agents maintain persistent context across sessions, spawn subagents independently, write their own code to learn new skills, and execute continuously with access to tools and live credentials. This creates a dramatically expanded attack surface where prompt injections could leak credentials, third-party skills act as unreviewed binaries with filesystem access, and subagents inherit unintended permissions.
Existing solutions force a trade-off: you can choose two of three properties—safety, capability, and autonomy—but not all three. A safe, autonomous agent lacks necessary tools. A capable, safe agent requires constant human approval. A capable, autonomous agent relies on internal guardrails that can be compromised.
OpenShell's Out-of-Process Architecture
OpenShell addresses this by enforcing policy outside the agent's process, similar to browser tab isolation, so the controls do not depend on guardrails inside the agent itself. Key features include:
- Sandbox isolation: Purpose-built for long-running agents (not generic containers), handling skill development and stateful execution
- Runtime permission verification: All actions are verified before execution against fine-grained filesystem, network, and process constraints
- Policy-based controls: Administrators define what agents can see and do, and where inference executes
- Unmodified agent compatibility: Agents like OpenClaw, Claude Code, and similar tools run unchanged inside OpenShell
Deployment and Access
The runtime is available as part of the NVIDIA Agent Toolkit and supports deployment across NVIDIA DGX Spark, DGX Station, RTX PCs, and cloud/on-premises infrastructure. Users can create isolated sandbox environments with a single command and zero code changes: openshell sandbox create --remote spark --from openclaw
OpenShell is released under the Apache 2.0 license, combining NVIDIA's Nemotron open source models with enterprise-grade runtime security to enable safe deployment of self-evolving agents in production environments.