NVIDIA
NVIDIA releases OpenShell runtime for safer autonomous AI agents with sandboxing and policy enforcement
release · feature · open-source · security · platform · developer.nvidia.com

NVIDIA Introduces OpenShell for Enterprise-Safe AI Agents

NVIDIA has announced OpenShell, an Apache 2.0-licensed open-source runtime designed to run autonomous, self-evolving AI agents more safely. As part of the broader NemoClaw stack and NVIDIA Agent Toolkit, OpenShell addresses a critical gap in agent infrastructure: the ability to grant agents autonomy and capability while maintaining enterprise-grade security and privacy controls.

The Core Problem OpenShell Solves

Traditional AI agent runtimes face a fundamental trilemma: you can reliably achieve only two of three goals simultaneously—safety, capability, and autonomy. Current approaches rely on behavioral prompts and guardrails living inside the agent itself, creating a critical vulnerability. Long-running agents with persistent shell access, live credentials, and the ability to self-modify pose a fundamentally different threat model than stateless chatbots. Every prompt injection becomes a potential credential leak, and every third-party skill installed could be an unreviewed binary with filesystem access.

Architecture: Out-of-Process Policy Enforcement

OpenShell's core design principle is out-of-process policy enforcement—constraints are enforced by the runtime environment rather than through internal safeguards the agent could potentially override. This architectural approach mirrors browser tab isolation applied to agents:

  • Sandboxed execution with isolated sessions
  • Permission verification before any agent action executes
  • Privacy router for controlling data handling and inference routing
  • Granular permissions for fine-grained access control
  • Subagent containment to prevent inherited permission escalation
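
To make the out-of-process idea concrete, the following is an added conceptual sketch, not OpenShell code and not its policy format: a runtime-side enforcer checks every requested action before it runs and gives a subagent only grants its parent already holds. The names Policy, Enforcer, spawn_subagent and authorize, and the sample paths and hosts, are assumptions made for this example.

```python
# Conceptual model only: Policy, Enforcer and spawn_subagent are hypothetical
# names for this example, not OpenShell APIs or its policy format.
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Policy:
    read_paths: frozenset = frozenset()
    write_paths: frozenset = frozenset()
    egress_hosts: frozenset = frozenset()

    def allows(self, kind, target):
        grants = {"read": self.read_paths, "write": self.write_paths,
                  "connect": self.egress_hosts}.get(kind, frozenset())
        return any(fnmatchcase(target, g) for g in grants)  # unknown kind: deny


class Enforcer:
    """Lives in the runtime, outside the agent; the agent only sees allow/deny."""
    def __init__(self):
        self._policies = {}  # session id -> Policy
        self.audit = []      # (session, kind, normalized target, decision)

    def create_session(self, sid, policy):
        self._policies[sid] = policy

    def spawn_subagent(self, parent, child, requested):
        held = self._policies[parent]
        # Attenuation: the child keeps only grants the parent already holds.
        self._policies[child] = Policy(
            held.read_paths & requested.read_paths,
            held.write_paths & requested.write_paths,
            held.egress_hosts & requested.egress_hosts)

    def authorize(self, sid, kind, target):
        if kind in ("read", "write"):
            target = posixpath.normpath(target)  # collapse ../ before matching
        policy = self._policies.get(sid)         # unknown session: deny
        ok = policy is not None and policy.allows(kind, target)
        self.audit.append((sid, kind, target, "allow" if ok else "deny"))
        return ok


if __name__ == "__main__":  # constructed policy and request
    e = Enforcer()
    e.create_session("agent", Policy(read_paths=frozenset({"/workspace/*"})))
    print(e.authorize("agent", "read", "/workspace/../etc/passwd"))
```

Because the policy table and audit log belong to the enforcer, nothing the agent writes into its own prompt or memory changes a decision; a real runtime would place this check at the process or system-call boundary rather than in a Python object.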

Getting Started

OpenShell requires zero code changes to support existing agents. Developers can deploy agents with a single command:

openshell sandbox create --remote spark --from openclaw

This enables unmodified deployment of agents like OpenClaw, Anthropic's Claude Code, and OpenAI's Codex. The runtime integrates with NVIDIA's Nemotron open-source models and supports deployment across clouds, on-premises, NVIDIA RTX PCs, and DGX Spark infrastructure.

Significance and Next Steps

OpenShell directly addresses the infrastructure gap for enterprise deployment of autonomous agents. By separating security policy enforcement from agent logic, NVIDIA enables developers to benefit from agent productivity while maintaining custody over agent behavior and data. The open-source model under Apache 2.0 invites community contribution and integration across broader agentic AI ecosystems.