Jensen Huang and Bill McDermott Bet on OpenShell to Secure Enterprise AI Agents

Enterprises are confronting a fundamental mismatch between legacy software stacks—built for human interaction—and the relentless speed of autonomous AI agents. Nvidia’s OpenShell rewrites the bottom layer of that stack, placing each agent in an isolated sandbox and delegating credential management to a hardened gateway. By leveraging Linux kernel primitives such as seccomp, eBPF, and Landlock, OpenShell enforces policies below the application tier, preventing credential leakage and containing malicious behavior before it reaches critical infrastructure.

The partnership with ServiceNow amplifies OpenShell’s relevance. ServiceNow’s Project Arc will run on the runtime, delivering a secure, autonomous desktop assistant for developers, IT staff, and administrators. Integrated with ServiceNow’s Action Fabric and AI Control Tower, the solution offers end‑to‑end governance, auditability, and lifecycle oversight—key requirements for sectors like finance, health care, and government. This collaboration showcases a concrete use case where sandboxed agents can safely interact with enterprise SaaS platforms without exposing keys or bypassing existing security controls.

OpenShell’s open‑source model and contributions from ecosystem players such as LangChain signal a shift toward a shared, agent‑native foundation. By abstracting identity, credential, and policy primitives for non‑human actors, the toolkit promises to accelerate adoption of autonomous agents across regulated industries. As benchmarks like NOWAI‑Bench demonstrate, the performance of models such as Nemotron 3 Super on enterprise workloads is already competitive, making the security guarantees of OpenShell a timely enabler for the next wave of AI‑driven automation.