← Back
NVIDIA
NVIDIA unveils OpenShell runtime for safer autonomous agents with out-of-process policy enforcement
· releasefeatureplatformsecurityopen-source · developer.nvidia.com ↗

NVIDIA Introduces OpenShell Runtime for Autonomous Agents

NVIDIA announced NemoClaw, an open-source stack for running always-on AI agents with built-in safety mechanisms. At the core is OpenShell, a new runtime that sits between autonomous agents and infrastructure, enabling safer deployment across cloud, on-premises, NVIDIA RTX PCs, and DGX Spark systems.

The Problem with Current Agent Architectures

Traditional AI agent runtimes lack fundamental security primitives needed for long-running, self-evolving agents. These agents can:

  • Persist context across sessions and spawn independent subagents
  • Write and execute their own code to learn new skills mid-task
  • Maintain live credentials and shell access for extended periods
  • Install third-party skills and inherit permissions uncontrollably

This creates a critical threat model: prompt injection attacks risk credential leaks, unreviewed third-party skills have filesystem access, and subagents can inherit unintended permissions. Existing approaches force a tradeoff—you can have two of three: safety, capability, and autonomy, but rarely all three simultaneously.

How OpenShell Solves This

OpenShell's core innovation is out-of-process policy enforcement. Rather than relying on internal behavioral prompts that agents can override, it enforces constraints at the environment level—making them impossible to circumvent even if the agent is compromised. This approach mirrors browser tab isolation applied to AI agents.

Key capabilities include:

  • Sandboxed execution designed specifically for long-running agents
  • Granular permissions managed by the runtime, not the agent
  • Privacy routing to control data flow and inference destinations
  • Session isolation with verified runtime permission checks before any action executes

Deployment and Integration

Developers can deploy agents with a single command: openshell sandbox create --remote spark --from openclaw, requiring zero code changes. OpenShell supports unmodified execution of:

  • OpenClaw
  • Anthropic's Claude Code
  • OpenAI's Codex

The stack uses open-source models like NVIDIA Nemotron and is available under Apache 2.0 licensing. OpenShell is part of the broader NVIDIA Agent Toolkit, which provides models, tools, evaluation frameworks, and runtimes for building production-ready agents that can plan tasks, work across applications, and operate as dependable services.