SAP and NVIDIA Embed Security Into Enterprise Agent Runtime
SAP and NVIDIA announced an expanded collaboration to embed NVIDIA's OpenShell runtime into SAP Business AI Platform, providing security and governance controls for autonomous agents operating in enterprise systems. OpenShell offers isolated execution environments, policy enforcement, and infrastructure-level containment to guard against failures when agents access systems of record across finance, procurement, supply chain and manufacturing. SAP engineers are codesigning OpenShell alongside NVIDIA while contributing back to the open source project, and NVIDIA's NemoClaw reference blueprint will be available directly in Joule Studio to accelerate agent development.
TL;DR
- →SAP embeds NVIDIA OpenShell, an open source runtime for secure autonomous agent deployment, into SAP Business AI Platform
- →OpenShell provides isolated execution environments, filesystem and network policy enforcement, and infrastructure-level containment to prevent damage from agent failures
- →SAP engineers are codesigning OpenShell with NVIDIA, focusing on runtime hardening, policy modeling, enterprise identity integration, and auditing hooks
- →NVIDIA NemoClaw reference blueprint will be available in Joule Studio to give development teams a structured path from build to production without engineering security from scratch
Why it matters
As AI agents move from assistants to autonomous systems that can access enterprise data and execute workflows without human review at each step, the trust equation fundamentally changes. This collaboration addresses a critical gap: application-layer security alone cannot enforce the policy, identity and process controls that enterprises need when agents operate across systems of record. The partnership between a major enterprise software vendor and a leading AI infrastructure company signals that production-grade agentic AI requires both runtime security and application-level governance working in tandem.
Business relevance
For enterprises running finance, procurement and supply chain operations on SAP, this removes a major barrier to deploying autonomous agents in production. Organizations can now move agents from proof of concept to trusted deployment without building custom security scaffolding, reducing time to value and engineering overhead. The availability of NemoClaw as a reference blueprint in Joule Studio gives development teams a structured path to production, making it faster and cheaper to build agents that enterprises can actually trust with their data.
Key implications
- →Enterprise agent adoption will accelerate as security and governance become built-in rather than bolted-on, lowering the barrier to production deployment
- →Open source runtime security for agents is becoming table stakes, with major vendors now codesigning infrastructure to address enterprise requirements rather than leaving it to individual organizations
- →The application layer is emerging as the critical battleground for agentic AI, where business logic, policy enforcement and audit trails must work together to enable autonomous systems at scale
What to watch
Monitor whether other enterprise software vendors adopt similar approaches to agent security and governance, or whether SAP and NVIDIA's partnership becomes a competitive moat. Track adoption rates of agents built with Joule Studio and OpenShell to see if the friction around production deployment actually decreases. Watch for how policy modeling and identity integration evolve in OpenShell as enterprises begin running agents against real systems of record at scale.
vff Briefing
Weekly signal. No noise. Built for founders, operators, and AI-curious professionals.
No spam. Unsubscribe any time.
