Every few years, a piece of open-source software comes out that changes how the industry thinks about computing. Linux did it for servers. Docker did it for deployment. OpenClaw – the autonomous AI agent platform that transformed from niche curiosity to the fastest-growing open-source project in history in just a few weeks – may be doing just that for software.
Nvidia CEO and co-founder Jensen Huang made his position clear at GTC 2026 this week: "OpenClaw is the operating system for personal AI. This is the moment the industry has been waiting for – the beginning of a new renaissance in software." And Nvidia wants to be the company that makes it enterprise-ready.
At its annual mega GTC 2026 conference in San Jose this week, Nvidia unveiled NemoClaw, a software stack that integrates directly with OpenClaw and installs in a single command. It also came with Nvidia OpenShell, an open-source security runtime designed to deliver autonomous AI agents – or “claws”As the industry is increasingly calling them – the guardrails they need to operate inside a real enterprise environment. Along with both, the company announced an expanded Nvidia Agent Toolkit, a full-stack platform for building and running production-grade agentic workflows.
Jensen Huang’s message was clear. "Cloud Code and OpenCloud have given rise to the agent inflection point – extending AI beyond generation and reasoning into action," the Nvidia CEO said before the conference. "Employees will be supercharged by teams of frontier, specialized and custom-built agents that they deploy and manage." Watch my video overview of it below and read on for more:
Why ‘claws’ – and why it matters that Nvidia is using the term
The terminology shift happening within enterprise AI circles is subtle but important. Internally, teams building with OpenClause and similar platforms have started calling themselves personal autonomous agents. claws – a nod to the platform name, but also a useful shorthand for a new class of software that’s fundamentally different from the chatbots and co-pilots of the last two years.
As Kari Brisky, Nvidia’s vice president of generic AI software, put it during a Sunday briefing: "Paws are autonomous agents that can plan, act and execute tasks on their own – they have gone from simply thinking and executing tasks to achieving entire missions."
This framing matters to IT decision makers. Claws aren’t just helpful. They are persistent, tool-using programs that can write code, browse the web, manipulate files, make API calls, and perform a series of actions simultaneously over hours or days without human input. The productivity increase is substantial. The attack surface is also similar. That’s exactly the problem Nvidia is hiring Nameklow to solve.
The demand of the enterprise is not imaginary. Harrison Chase, founder of Langchain – whose open-source agent framework has been downloaded more than a billion times – put it clearly in a recent episode of VentureBeat beyond the pilot podcast: "I guarantee every enterprise developer wants to put a secure version of OpenClaw on their computers or expose it to their users." He clarified that the obstacle has never been interest. This is due to the lack of a reliable security and governance layer beneath it. Nameklow is Nvidia’s answer to that gap – and specifically, is one of the launch partners for the Langchain Agent Toolkit and OpenShell integration.
What Nemoclaw actually does – and what it doesn’t replace
NemoClaw is not a competitor to OpenClaw (or the many alternatives now). It is best understood as an enterprise wrapper around it – a distribution that ships with the components that a security-conscious organization actually needs before delivering it to an autonomous agent near production systems.
The stack consists of two main components. The first is Nvidia Nemotron, Nvidia’s family of open models that can run locally on dedicated hardware rather than routing queries through an external API. The Nemotron-3-Super scored the highest of all open source models on PinchBench, a benchmark that tests the types of functions and tool calls required by OpenClause.
The second is OpenShell, the new open-source security runtime that runs each claw inside a separate sandbox – effectively a Docker container with configurable policy controls written in YAML. Administrators can define precisely what files an agent can access, what network connections it can make, and which cloud services it can call. Everything outside those limits is blocked.
Nvidia describes OpenShell as providing the missing infrastructure layer beneath the claws – giving them the access they need to be productive while implementing policy-based security, network and privacy guardrails.
For organizations that have been watching the rise of OpenCL with a mix of excitement and fear, this is a worthwhile development. Early iterations of OpenClaw were, by common consensus, a security liability – powerful and fast-running, but essentially unrestricted. NemoClaw is the first attempt by a major hardware vendor to make power manageable at enterprise scale.
Hardware angle: Always-on agents require dedicated compute
One aspect of Nemoclaw that deserves more attention than ever is the hardware strategy underlying it. The claws, by design, are always on – They don’t wait for a person to open their browser tab. They are constantly on the go, monitoring inboxes, executing tasks, creating tools, and completing multi-step workflows around the clock.
This requires dedicated compute that does not compete with the rest of the organization’s workload. Nvidia has a clear interest in pointing enterprises toward its own hardware for this purpose.
NemoClaw is designed to run on Nvidia GeForce RTX PCs and laptops, RTX PRO Workstations, and the company’s DGX Spark and DGX Station AI supercomputers. Hybrid architecture allows agents to use Nemotron models running locally for sensitive workloads privacy router Directing queries to the Frontier Cloud model when higher capacity is required – without exposing private data to those external endpoints.
It’s an elegant solution to a real problem: Many enterprises aren’t yet ready to send customer data, internal documents, or proprietary code to cloud AI providers, but they still need model capacity that exceeds what they can run locally. NemoClaw’s privacy router architecture threads that needle, at least in theory.
What do clawbacks really look like in enterprise
Before evaluating a platform, it helps to understand what a real working claw looks like in practice. The two partner integrations announced with Nameclaw provide the clearest window into where this is going.
box This is perhaps the most illustrative case for organizations that manage large amounts of unstructured enterprise content.
Box is integrating the Nvidia Agent Toolkit to enable vendors who use the Box file system as their primary working environment with pre-built skills for invoice extraction, contract lifecycle management, RFP sourcing, and GTM workflows.
The architecture supports hierarchical agent management: a basic claw – such as a client onboarding agent – can spin off specialized sub-agents to handle different tasks, all governed by the same OpenShell policy engine.
Crucially, an agent’s access to files in Box follows exactly the same permissions model that governs human employees – enforced through OpenShell’s gateway layer before any data is exchanged. Every action is logged and accounted for; No shadow copies are stored in agent memory. As Box wrote in its announcement blog, “Organizations need to know which agent touched which file when and why – and they need the ability to immediately revoke access if something goes wrong.”
Cisco’s The integration perhaps offers the clearest example of what OpenShell Rails enables in practice. The Cisco security team has published a scenario in which a zero-day vulnerability advisory is issued on Friday evening.
Instead of triggering a weekend-long manual scramble—pulling asset lists, pinging on-call engineers, mapping blast radii—a claw running inside OpenShell autonomously queries the configuration database, maps affected devices against the network topology, formulates a prioritized remediation plan, and produces an audit-grade trace of every decision it makes.
Cisco AI Defense validates each tool call against the approved policy in real time. The entire response is completed in approximately one hour with complete records meeting compliance requirements.
"We’re not trusting the model to do the right thing," The Cisco team mentioned in their technical article. "We’re disrupting it so that the right thing is the only thing it can do."
An Ecosystem Game: The Partners Behind the Stack
Nvidia isn’t doing it alone. The Agent Toolkit and OpenShell announcements came with a significant roster of enterprise partners – Box, Cisco, Atlassian, Salesforce, SAP, Adobe, CrowdStrike, Cohesity, IQVIA, ServiceNow, and more than a dozen others – whose depth of integration signals how seriously the broader software industry is taking the agentic transformation.
On the infrastructure side, OpenShell is available today on build.nvidia.com, supported by cloud inference providers including CoreWeave, Together AI, Fireworks, and DigitalOcean, and can be deployed on-premises on servers from Cisco, Dell, Apache, Lenovo, and Supermicro. Agents built within OpenShell can continuously acquire new skills using coding agents including cloud code, codecs, and cursors – each newly acquired capability subject to the same policy controls as the original deployment.
Separately, Nvidia announced nemotron alliance – A collaborative initiative bringing together Mistral AI, Perplexity, Cursor and Langchain to co-develop the Open Frontier Model. The first project of the alliance is a base model co-developed with Mistral that will underpin the upcoming Nemotron 4 family, aimed specifically at agentic use cases.
What enterprise leaders should look for
NemoClaw’s announcement marks a turning point in how enterprise AI is likely to be discussed in boardrooms and procurement meetings over the next twelve months. the question is no longer whether Organizations will deploy autonomous agents. The industry has clearly moved on from that debate. the question now is How – With what controls, on what hardware, using what model, and with what audit trail.
Nvidia’s answer is a vertically integrated stack that spans silicon, runtime, model, and security policy. For IT leaders evaluating their agentive roadmap, NemoClaw represents a significant effort to provide all four layers from a single vendor, with meaningful third-party security integrations already in place.
The risks are not trivial. OpenShell’s YAML-based policy model will require operational maturity that most organizations are still building. Paws that can evolve on their own and acquire new skills – as Nvidia’s architecture clearly enables – raise governance questions that no sandbox can fully resolve. And the concentration of agentic infrastructure in a single vendor’s stack carries familiar platform risks.
He said that the direction is clear. The claws are coming at the Enterprise. Nvidia simply placed its bet on becoming the platform on which they run – and the guardrails that keep them in bounds.
<a href