NVIDIA
NVIDIA releases OpenShell runtime for safer autonomous AI agent deployment
· release · feature · open-source · security · platform · api · developer.nvidia.com

NVIDIA Introduces OpenShell for Autonomous Agent Safety

NVIDIA announced OpenShell, a new open-source runtime component of the NVIDIA Agent Toolkit designed to run autonomous, self-evolving AI agents more safely. The runtime addresses critical security gaps in long-running agent deployment by providing out-of-process policy enforcement, sandboxed execution environments, and fine-grained permission controls.

Key Features and Architecture

OpenShell sits between agents and infrastructure, governing execution, visibility, and inference routing. The runtime operates on a critical architectural principle: out-of-process policy enforcement that cannot be overridden by the agent, even if compromised. Key capabilities include:

  • Isolated sandboxes for agent execution, similar to browser tab isolation
  • Granular permissions with runtime verification before any action executes
  • Privacy router to control data handling and credential management
  • Seamless integration with existing agents—run with a single command: openshell sandbox create --remote spark --from openclaw

Agents like OpenClaw, Anthropic's Claude Code, and OpenAI's Codex can run unmodified inside OpenShell.

Addressing the AI Agent Threat Model

Long-running agents present a different security profile from stateless chatbots. Agents with persistent shell access, live credentials, code-rewriting abilities, and accumulated context pose significant risks, including prompt injection attacks that lead to credential leaks and unreviewed third-party skills with filesystem access. OpenShell moves security guardrails outside the agent process itself, so that a compromise inside the agent cannot bypass them.

Deployment Flexibility

OpenShell enables agent deployment across multiple environments (cloud, on-premises, NVIDIA RTX PCs, and NVIDIA DGX systems) while maintaining a consistent security posture. It integrates with NVIDIA NemoClaw, an open-source stack combining OpenShell with open models like NVIDIA Nemotron for simplified always-on agent deployment.

The runtime is released under the Apache 2.0 license, enabling broad adoption and contribution from the developer community.