NVIDIA and SAP Forge Security Framework for Enterprise AI Agents

Breaking: SAP and NVIDIA Launch Trust Layer for Autonomous Enterprise Agents

In a major move to secure enterprise adoption of autonomous AI, SAP and NVIDIA today announced an expanded collaboration focused on governance and security for specialized AI agents. The announcement, made at the SAP Sapphire conference in Orlando, comes as businesses rush to deploy agents that can independently execute finance, procurement, supply chain, and manufacturing workflows.

“Without guardrails, autonomous agents are a liability,” said Jensen Huang, founder and CEO of NVIDIA, in a pre-recorded video message during SAP CEO Christian Klein’s keynote. “Our collaboration with SAP ensures these agents can operate within enterprise boundaries with full auditability.”

The centerpiece of the collaboration is NVIDIA OpenShell, an open-source runtime for developing and deploying secure autonomous AI agents. SAP is embedding OpenShell into its SAP Business AI Platform, providing isolated execution environments, policy enforcement at the filesystem and network layers, and infrastructure-level containment when agent logic fails.

“Enterprises need agents that can touch core systems of record but still respect security policies and compliance requirements,” said Christian Klein, CEO of SAP. “OpenShell gives us the runtime security layer to make that possible.”

Background: The Shift from Assistants to Autonomous Agents

Enterprise AI is evolving rapidly from simple chat-based assistants to autonomous agents that can take actions across business applications. These agents must operate within existing SAP systems that manage finance, procurement, supply chain, and manufacturing—systems that require strict policy, identity, and process controls.

NVIDIA’s Huang has described AI as a “five-layer cake”: energy, chips, infrastructure, models, and applications. The application layer sits at the top, where economic value is created. SAP’s position as a global leader in enterprise applications makes it a catalyst for agentic AI adoption—but only if security is built in from the start.

To address this, OpenShell provides sandboxed execution that limits what an agent can see, what actions it can take, and where inference runs. SAP engineers are also co-designing OpenShell alongside NVIDIA, contributing back to the open-source project with enterprise-grade features like runtime hardening, policy modeling, identity integration, and audit hooks.

Notably, NVIDIA itself is a long-standing SAP customer, running its own finance, supply chain, and logistics on SAP. This gives both companies real-world insight into what enterprise governance requires in practice.

What This Means for Enterprises

For businesses, the shift from AI assistants to autonomous agents fundamentally changes the trust equation. An agent that can touch systems of record, cross application boundaries, and operate without human review at every step needs clearly defined boundaries, policy enforcement, and a complete audit trail before it can become part of production workflows.

The SAP-NVIDIA collaboration directly addresses this challenge. By embedding OpenShell into the SAP Business AI Platform, enterprises can now build and deploy custom agents in Joule Studio—SAP’s environment for managing end-to-end enterprise agents—with a built-in security runtime. All SAP AI agents, including those built by customers, will run on OpenShell by default.

This approach ensures that enterprise governance controls are not an afterthought but are integrated at the infrastructure level. In practice, this means less risk of agent misbehavior, easier compliance with industry regulations, and faster approval for AI-driven automation in core business processes.

The partnership also signals a broader industry trend: as agentic AI moves from pilots to production, the companies that run the world’s enterprise technology are recognizing that security and governance must be foundational—not features added later. For SAP and NVIDIA, the goal is to create the industry standard for trustworthy autonomous agents.

Key Takeaways:

• Runtime security layer: OpenShell provides isolated execution environments for all SAP AI agents.
• Open-source collaboration: SAP engineers are actively contributing to NVIDIA OpenShell.
• Enterprise-first design: Policy enforcement, identity integration, and audit trails are built in.
• Immediate availability: OpenShell is now embedded in SAP Business AI Platform and Joule Studio.

As enterprises race to automate decision-making across supply chains, financial systems, and manufacturing floors, the NVIDIA-SAP partnership is giving them the confidence to let agents work autonomously—without compromising trust.