Breaking: Industry Giants Endorse OpenShell to Secure Autonomous Enterprise AI
Nvidia CEO Jensen Huang and ServiceNow CEO Bill McDermott have placed a major bet on OpenShell — an open-source secure runtime designed specifically for autonomous AI agents. Executives warn that existing enterprise software stacks, built for human operators, are dangerously inadequate for machine-speed decision-making.
The project, released under the Apache 2.0 license, provides a sandboxed environment where AI agents can operate without direct access to host infrastructure, credentials, or governance controls. Nvidia senior director of AI software Ali Golshan led the development over the past six months as part of Nvidia's broader Agent Toolkit.
Quote from Lead Developer
"If you want to give more and more autonomy to an agent, the lowest level of the stack should really be a sandbox," Golshan told The New Stack. "That agent should not be interacting directly with your operating system or host or network or infrastructure."
Background: The Architectural Problem
Current enterprise tooling assumes a human user as the trusted actor — controlling, monitoring, and moving at human speed. Autonomous agents break every assumption: they're faster, run indefinitely, and don't fit identity models built for people.
Golshan argues that using traditional stacks for autonomous agents creates not just inefficiency but critical security gaps. OpenShell aims to rebuild the stack from the ground up for machine-native operations.
Sandbox First, Then the Gateway
OpenShell isolates every agent — including its harness and model — inside its own sandbox. A separate gateway outside handles credential management and session state. When the agent needs external services like ServiceNow, Salesforce, or Workday, the gateway authenticates and passes the session into the sandbox.
The agent never holds keys directly. A prompt injection or arbitrary command execution is contained within the sandbox, limiting blast radius.
Policy Below the Application Layer
Enforcement happens at the Linux kernel level using primitives like seccomp, eBPF, and Landlock. This approach differs from bolted-on security where each product has its own mechanism, creating complexity and gaps.
"Security needs to be baked in, not bolted on," Golshan emphasized. The result is consistent policy enforcement across all agent interactions.
What This Means
For enterprises deploying AI agents in customer service, IT operations, or financial workflows, OpenShell offers a trusted runtime that prevents credential leakage and resource abuse. It allows agents to operate at machine speed without compromising security.
The backing from top executives at Nvidia and ServiceNow signals that secure agent infrastructure is now a boardroom priority. As autonomous agents move from pilot to production, the entire software stack must be re-architected — and OpenShell is the first major open-source framework to tackle that challenge head-on.