NVIDIA
NVIDIA OpenShell brings sandboxed execution and policy enforcement to autonomous AI agents
release · feature · platform · security · open-source · developer.nvidia.com

NVIDIA Introduces OpenShell for Safer Agent Deployment

NVIDIA announced OpenShell, an open-source runtime component of the NVIDIA Agent Toolkit designed to enable safer deployment of autonomous, self-evolving AI agents. The runtime addresses a critical gap in agent infrastructure by providing enterprise-grade security controls while maintaining agent autonomy and capability.

The Problem: Autonomous Agents Without Security Guardrails

Long-running autonomous agents introduce a new threat model compared to stateless chatbots. Agents with persistent shell access, live credentials, the ability to rewrite tooling, and accumulated context running against internal APIs present significant security risks. Current agent runtimes lack core security primitives like sandboxing, permissions, and isolation—forcing an impossible choice between safety, capability, and autonomy.

How OpenShell Works

OpenShell employs out-of-process policy enforcement, moving security controls outside the agent's reach. Instead of relying on behavioral prompts that agents could potentially override, it enforces constraints at the environment level:

  • Sandbox execution: Agents run in isolated, containerized environments similar to browser tabs
  • Granular permissions: Fine-grained control over what agents can access and execute
  • Privacy routing: Control over where inference requests are routed
  • Pre-execution verification: Runtime validates permissions before any action executes
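
The pre-execution check described above, sketched as an added example that is not OpenShell's code or policy format: a deny-by-default decision function that an enforcer process outside the agent would call on each structured action request. The `Policy` fields, the action dictionary shape, and all host names and paths are hypothetical.

```python
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    # Hypothetical policy shape for illustration; not OpenShell's format.
    exec_allow: frozenset = frozenset({"git", "ls", "python3"})
    read_roots: tuple = ("/workspace",)
    write_roots: tuple = ("/workspace/out",)
    egress_hosts: frozenset = frozenset({"api.internal.example"})
    inference_route: str = "local"

def _under(path, roots):
    # Normalize before comparing so "/workspace/../etc/passwd" is judged
    # as "/etc/passwd". Lexical only: symlinks are not resolved here, so the
    # sandbox's filesystem isolation still has to back this check.
    if not isinstance(path, str) or not path.startswith("/"):
        return False
    p = posixpath.normpath(path)
    return any(p == r or p.startswith(r + "/") for r in roots)

def authorize(policy, action):
    """Decide on a structured action request before it runs.

    Called by the enforcer process, never by the agent, so nothing the
    agent writes in a prompt or tool output can change the result.
    Returns (allowed, rule). Anything not explicitly allowed is denied.
    """
    kind = action.get("kind")
    if kind == "exec":
        argv = action.get("argv") or []
        # Bare program names only: "/tmp/git" or "./git" does not match "git".
        return bool(argv) and argv[0] in policy.exec_allow, "exec_allow"
    if kind == "read":
        return _under(action.get("path"), policy.read_roots), "read_roots"
    if kind == "write":
        return _under(action.get("path"), policy.write_roots), "write_roots"
    if kind == "connect":
        host = str(action.get("host", "")).lower().rstrip(".")
        return host in policy.egress_hosts, "egress_hosts"
    if kind == "inference":
        return action.get("route") == policy.inference_route, "inference_route"
    return False, "default_deny"

if __name__ == "__main__":
    # Constructed sample requests, as an agent runtime might submit them.
    for req in ({"kind": "exec", "argv": ["git", "status"]},
                {"kind": "read", "path": "/workspace/../etc/passwd"},
                {"kind": "connect", "host": "files.example.net"}):
        print(req, "->", authorize(Policy(), req))
```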

Developers can deploy agents with a single command and zero code changes:

  openshell sandbox create --remote spark --from openclaw

Integration and Deployment

OpenShell is part of the NVIDIA Agent Toolkit, which provides the complete deployment stack including models, tools, evaluation frameworks, and runtimes. It works with autonomous agents like OpenClaw as well as third-party coding agents such as Anthropic's Claude Code and OpenAI's Codex, allowing them to run unmodified inside the OpenShell sandbox.

The technology is licensed under Apache 2.0 and integrates with NVIDIA's open-source models like Nemotron, enabling secure agent deployment across diverse environments: cloud platforms, on-premises infrastructure, NVIDIA RTX PCs, and NVIDIA DGX clusters.