NVIDIA and SAP join forces to bring trust to enterprise autonomous agents
NVIDIA and SAP just announced a collaboration that could change the way companies approach the adoption of autonomous agents in everyday enterprise operations. And we’re not talking about a superficial partnership or a vague press release — the technical depth of what was presented shows both companies are taking the challenge of deploying AI agents inside business-critical systems very seriously, with the level of security the market demands.
The announcement took place at SAP Sapphire, one of SAP’s largest global events, with Jensen Huang, founder and CEO of NVIDIA, alongside Christian Klein, CEO of SAP. The stage was big, the audience was qualified, and the topic was on everyone’s lips in the sector — but what really stood out wasn’t just the names of the companies together. It was the depth of the problem they decided to solve jointly and in a structured way.
The central theme was one of the most important for anyone working with AI today: how do you trust agents that access business-critical systems? It sounds like a philosophical question, but in practice it represents one of the biggest blockers for enterprise AI adoption at scale. Companies of all sizes are already interested in autonomous agents, but stalling adoption due to a lack of technical guarantees and solid governance is extremely common in today’s market.
Think about it — an AI agent that can work with finances, supply chain, procurement, and manufacturing without needing approval at every step is incredibly useful, but it’s also a massive risk if it doesn’t have the right guardrails. We’re talking about systems that move money, manage inventory, control purchase orders, and directly interfere with a company’s operations. Any wrong decision, or any unauthorized access to sensitive data, can generate real consequences, from financial losses to serious regulatory violations across different markets around the world.
That’s exactly the gap this partnership is trying to close, with NVIDIA OpenShell being incorporated directly into the SAP Business AI Platform as a runtime security layer for all agents on the platform. The idea is simple in concept but quite robust in execution: give autonomous agents a controlled execution environment with clear policies, audit trails, and infrastructure-level containment. This shifts the conversation from can we use agents? to how can we use agents safely in production?
What is OpenShell and why it matters so much
NVIDIA OpenShell is an open source runtime created specifically for the secure development and deployment of autonomous AI agents. Its purpose is well-defined: create an isolated execution environment for agents that need to interact with external systems, make autonomous decisions, and access sensitive data without requiring a human to validate each step individually. In practice, it works as a kind of security container that wraps around the agent and precisely defines what it can and cannot do during task execution — and this happens at the infrastructure level, not just at the software or user configuration level.
Among the features OpenShell offers:
- Isolated execution environments — each agent operates within well-defined boundaries, unable to access resources or data outside the permitted scope.
- Policy enforcement at the filesystem and network layers — controls don’t just sit at the application level, they go all the way down to the infrastructure where the agent actually runs.
- Infrastructure-level containment — if the agent’s logic fails or behaves unexpectedly, the damage is contained before it can spread to other systems.
What makes OpenShell different from other agent security approaches is precisely the layer where it operates. Instead of relying solely on guardrails at the language model level or rules defined within the agent itself, OpenShell establishes controls at the runtime layer — meaning the exact moment the agent is executing its actions in the real environment. This means that even if an agent receives a malicious instruction, whether through a corrupted input, a prompt injection attack, or any unexpected model behavior, the containment is already structured before any damage can actually happen inside corporate systems.
Beyond that, OpenShell also addresses a very real pain point for enterprise IT teams: traceability. Every action executed by the agent within the controlled environment is logged in detailed audit trails, which greatly simplifies compliance work, data governance, and incident response. In an increasingly demanding regulatory landscape — especially with data protection laws and AI regulations gaining strength in different countries — having this level of visibility into autonomous agent behavior isn’t just a technical differentiator, it’s practically a market requirement for any company that wants to operate responsibly.
Receive the best innovation content in your email.
All the news, tips, trends, and resources you're looking for, delivered to your inbox.
By subscribing to the newsletter, you agree to receive communications from Método Viral. We are committed to always protecting and respecting your privacy.
An important detail that reinforces the seriousness of this initiative: SAP engineers are working side by side with NVIDIA engineers on the open source development of OpenShell. In other words, SAP isn’t just consuming the technology — it’s co-developing the project, contributing back to the open source community with a focus on what enterprises need to run AI agents in production. This includes runtime hardening, policy modeling, integration with corporate identity systems, and audit and governance hooks.
The application layer as a key piece in the trust equation
Jensen Huang has described AI as a five-layer cake: energy, chips, infrastructure, models, and applications. The application layer sits on top — that’s where AI generates real economic value and drives professional productivity. And it’s precisely at that layer where SAP holds a strategic position as a global leader in enterprise applications and business AI.
SAP runs finance, procurement, supply chain, and manufacturing processes for thousands of companies around the world. These are environments where agents need to operate within policy, identity, and process controls — there’s no room for improvisation. Business agents need to understand roles, permissions, data boundaries, and workflows before taking any action.
That’s why SAP’s position at the center of enterprise operations works as a catalyst for agentic AI adoption. When agents know where the limits are and the infrastructure guarantees those limits will be respected, the door to intelligent automation opens much more naturally.
And here’s a really elegant point in the architecture the two companies designed together. There’s a clear complementarity between the security layers:
- NVIDIA OpenShell answers the question: can this agent action be executed safely?
- The Joule Studio runtime — the enterprise control layer within the SAP Business AI Platform — answers the question: should this action happen?
Together, these two layers close a gap that neither could solve alone. One handles the technical security of execution, the other handles business rules and governance. It’s the combination of both that makes the environment truly trustworthy for production operations.
SAP Business AI Platform and the bet on agents for the enterprise world
SAP didn’t arrive at this partnership by accident. The company had already been building its SAP Business AI Platform with a clear focus on integrating artificial intelligence directly into the business processes it has supported for decades — and that includes ERP, finance, human resources, supply chain, procurement, and manufacturing. The challenge, however, has always been the same: how do you bring agent autonomy into these environments without creating vulnerabilities that can be exploited or simply generating errors that are hard to trace in systems that move billions of dollars in operations every day.
With the integration of OpenShell as a runtime security layer in the platform, SAP now offers something the enterprise market has been asking for quite some time: an autonomous agent stack that comes with governance built in — not as an add-on the customer needs to configure later, but as a fundamental part of the architecture. This greatly simplifies the adoption process for large enterprises, which normally need to go through lengthy security assessments before releasing any new technology for production use. When security is already at the infrastructure layer, much of that process is significantly accelerated.
Joule Studio, which is SAP’s environment for building and managing enterprise agents end to end, takes on a central role in this story. It’s within Joule Studio that development teams can create custom agents with the entire OpenShell security infrastructure already integrated. This means there’s no need to build the protection layer from scratch — it comes ready and validated as part of the development environment.
Christian Klein, SAP’s CEO, was pretty direct when talking about the goal of the partnership during SAP Sapphire. The central message was that SAP wants its customers to be able to scale the use of autonomous agents across the most critical processes of their operations, and that this is only possible if trust is built in a technical and verifiable way, not just a declarative one. In other words, it’s not enough to say the agent is secure — you need to demonstrate it with real controls that are auditable and independent of the behavior of the AI model being used.
NemoClaw and the faster path to putting agents in production
Another important piece of this collaboration is NVIDIA NemoClaw, a reference blueprint for developing and deploying autonomous agents. NemoClaw will be available directly within Joule Studio, which in practice gives development teams a structured roadmap that goes from initial agent construction all the way to reliable production deployment.
This is an addition that makes a real difference for anyone in the engineering trenches. Building the entire security, governance, and compliance infrastructure for an autonomous agent is heavy work that consumes time and resources that could be dedicated to innovation. With NemoClaw pre-integrated into Joule Studio, teams get a significant shortcut — without sacrificing the robustness an enterprise environment demands.
It’s like having a complete, well-documented starter kit instead of having to design each component individually. For companies looking to start using agents in financial, procurement, or supply chain processes, this can shave weeks or even months off the implementation cycle.
NVIDIA as a SAP customer: the perspective of someone who lives the problem
One detail a lot of people might not know is that NVIDIA itself is a long-time SAP customer. The company uses SAP to run its finance, supply chain, and logistics processes. This gives both companies a very valuable shared context about what enterprise-grade governance actually means in practice — not in theory, not in pretty presentations, but in the day-to-day operations of a company that deals with global scale.
This firsthand experience with the problem likely contributed a lot to the level of technical detail in the integration. When you’re simultaneously a technology provider and a consumer of the system where that technology is going to run, the chances of delivering something that actually works in production go up considerably.
What changes in practice for those using AI in enterprise processes
For anyone inside a company following the AI adoption journey, this partnership between NVIDIA and SAP represents a pretty concrete turning point. Until now, most autonomous agent deployments in critical enterprise environments required extra layers of human validation precisely because there was no reliable way to ensure the agent wouldn’t make a decision outside acceptable boundaries — whether due to a bug, an ambiguous instruction, or a malicious input. This created a paradox: the agent was autonomous in theory, but in practice it needed constant supervision to function safely.
With OpenShell integrated into SAP’s platform, that paradox is starting to be dismantled structurally. Agent autonomy can be gradually expanded based on clear and verifiable policies, and companies can increase the scope of agent operations as trust is established over time, backed by real behavioral and audit data. This creates a much more mature adoption model, where the evolution of AI usage doesn’t just depend on convincing the board or the legal team, but on presenting concrete technical evidence that the system is operating within the boundaries defined by the organization itself.
Another point worth paying attention to is the impact of this approach on implementation speed. Companies that currently take months to approve the use of an agent in a financial process, for example, can reduce that timeline considerably when the security infrastructure is already pre-validated and integrated into the platform they already use. This not only accelerates ROI on AI initiatives but also allows technology teams to dedicate more energy to thinking about use cases and less energy to solving compliance and governance problems that, with OpenShell, are already covered at the most fundamental layer of the system.
The bigger picture: from assistants to autonomous agents
It’s worth placing this partnership within a larger transition happening in the technology industry. We’re moving out of the era of AI assistants — those tools that answer questions and suggest actions but always depend on a human to execute — and into the era of autonomous agents that can make decisions and take actions on their own within defined parameters.
This shift completely changes the trust equation. When AI was just an assistant, the risk was limited because there was always a human in the loop reviewing everything. With agents that can cross boundaries between applications, access systems of record, and operate without review at every step, the need for technical boundaries, policy enforcement, and audit trails becomes absolutely indispensable.
The partnership between NVIDIA and SAP recognizes this reality and proposes a practical response: instead of slowing down agent adoption out of fear of risks, build the trust infrastructure that allows them to operate safely and at scale. It’s a pragmatic approach that benefits both technical teams and business leaders who need results without compromising operational security.
What to expect going forward
At the end of the day, what NVIDIA and SAP are building together goes well beyond a one-off technical integration. They’re establishing a standard for how autonomous agents should operate in serious enterprise environments — with real security, traceability, verifiable policies, and infrastructure-level containment.
AI agents will only generate real value when companies can trust them with their most sensitive data. For many organizations, that data lives in SAP — which houses the systems of record for finance, procurement, and supply chain that power their operations. With OpenShell and NemoClaw integrated into the SAP ecosystem, the bridge between potential and production gets considerably shorter.
If this standard gains traction in the market — which seems quite likely given the weight of both companies — the way the entire industry thinks about trust in AI agents is going to change significantly in the coming years. And for anyone working in enterprise technology, keeping a close eye on this evolution is going to be essential. 🚀
