The advancement of artificial intelligence has reached a new milestone with the emergence of autonomous agents. These agents are no longer limited to generating responses or performing tasks; they are now capable of taking action. This includes reading files, using tools, writing and running code, and executing workflows across enterprise systems, all while continuously expanding their own capabilities.
However, with this increased autonomy comes a growing risk at the application layer. As agents evolve and improve over time, there is a need for robust security measures to ensure their safe operation. To address this challenge, NVIDIA has developed the OpenShell runtime as part of the NVIDIA Agent Toolkit.
OpenShell is an open-source, secure-by-design runtime specifically designed for running autonomous agents such as claws. It operates by running each agent within its own sandbox, effectively separating application-layer operations from infrastructure-layer policy enforcement. This means that security policies are enforced at the system level, making them inaccessible to the agent. Instead of relying on behavioral prompts, OpenShell enforces constraints on the agent’s environment, preventing it from overriding policies or leaking sensitive information, even if compromised.
By utilizing OpenShell, enterprises can effectively separate agent behavior, policy definition, and policy enforcement. This unified approach provides organizations with a single policy layer to define and monitor how autonomous systems operate. Whether it is coding agents, research assistants, or agentic workflows, they all run under the same set of runtime policies, regardless of the host operating system. This simplifies compliance and operational oversight for organizations.
In essence, OpenShell applies a “browser tab” model to agents, isolating sessions, controlling resources, and verifying permissions before any action is taken. This ensures a secure and controlled environment for autonomous agents to operate within.
To further enhance the security of autonomous systems, NVIDIA is collaborating with leading security partners, including Cisco, CrowdStrike, Google Cloud, Microsoft Security, and TrendAI. This collaboration aims to align runtime policy management and enforcement for agents across the enterprise stack, providing a comprehensive security solution for AI agents.
In addition to the OpenShell runtime, NVIDIA has introduced NemoClaw, an open-source reference stack that simplifies the installation of OpenClaw always-on assistants with the OpenShell runtime and NVIDIA Nemotron models in a single command. NemoClaw serves as a valuable resource for enthusiasts looking to build self-evolving personal AI agents, or claws. It offers a reference example for policy-based privacy and security guardrails, allowing users to customize their agents based on their specific needs.
NemoClaw includes an example configuration of OpenShell that dictates how the agent should interact with systems. By leveraging open-source models like NVIDIA Nemotron alongside OpenShell, self-evolving claws can run securely in various environments, including clouds, on-premises, and personal computers.
Both OpenShell and NemoClaw are currently in the early preview stage, with NVIDIA actively engaging with the community and its partners to enable enterprises to scale self-evolving, long-running autonomous agents safely and in compliance with global security standards.
For those interested in exploring OpenShell, NVIDIA provides resources to get started, including launching a ready-to-use environment on NVIDIA Brev or exploring the open-source project on GitHub. By leveraging these tools, organizations can harness the power of autonomous agents while ensuring their security and compliance with industry standards.