At GTC 2026, NVIDIA announced NemoClaw — an enterprise wrapper around OpenClaw that adds the security and governance layer that’s been missing from autonomous AI agents. Jensen Huang called OpenClaw “the operating system for personal AI” and positioned NemoClaw as the stack that makes it safe for enterprise use.

This isn’t a competitor to OpenClaw. It’s the infrastructure layer underneath it.

What NemoClaw Actually Is

NemoClaw installs in a single command and adds two things to OpenClaw:

Nemotron models — NVIDIA’s open models that run locally on your hardware. No data leaving your network, no API calls to external providers for sensitive workloads.

OpenShell — an open-source security runtime that sandboxes each agent (or “claw”) in an isolated container. Administrators define permissions in YAML: which files an agent can access, which network connections it can make, which cloud services it can call. Everything outside those bounds is blocked.

The clever part is the privacy router. Sensitive workloads run on local Nemotron models. Non-sensitive queries get routed to frontier cloud models for higher capability. You get the power of Claude or GPT without sending your proprietary data through their APIs.

The Cisco Use Case

The most compelling demo came from Cisco’s security team. The scenario: a zero-day vulnerability advisory drops on a Friday evening.

Instead of the usual weekend scramble — pulling asset lists, pinging on-call engineers, mapping blast radius manually — a claw running inside OpenShell autonomously queries the configuration database, maps impacted devices against the network topology, generates a prioritized remediation plan, and produces an audit-grade trace of every decision it made. The entire response completes in about an hour.

The Cisco team’s framing is worth remembering: “We are not trusting the model to do the right thing. We are constraining it so that the right thing is the only thing it can do.”

That’s the right mental model for deploying AI agents in production. Trust the constraints, not the model.

The Hardware Strategy

Always-on agents need dedicated compute. They don’t wait for someone to open a browser tab — they run continuously, monitoring, executing, building. That requires hardware that doesn’t compete with the rest of your workloads.

NemoClaw runs on GeForce RTX PCs, RTX PRO workstations, and NVIDIA’s DGX Spark and DGX Station. NVIDIA is selling the silicon that agents live on 24/7. It’s a smart play — the more agents companies deploy, the more dedicated hardware they need.

The Partner Ecosystem

The launch partner list signals how seriously the enterprise software industry is taking this: Box, Cisco, Atlassian, Salesforce, SAP, Adobe, CrowdStrike, ServiceNow, LangChain, and more.

Box’s integration is particularly interesting — claws operate on enterprise files with the same permissions model as human employees. A parent claw can spawn sub-agents for invoice extraction, contract management, or RFP workflows, all governed by the same OpenShell policy engine.

LangChain is a launch partner for OpenShell integration, and NVIDIA announced the Nemotron Coalition with Mistral AI, Perplexity, Cursor, and LangChain to co-develop open frontier models specifically for agentic use cases.

What This Means for Engineering Teams

If you’re running infrastructure or platform engineering, a few things stand out:

Governance is now a first-class concern. OpenShell’s YAML-based policy model is the kind of thing that ISO 27001 auditors will want to see. If your company is deploying agents, you need a story for “what can this agent access, and how do we audit it?”

The scaffolding matters more than the agent. This is the same pattern we’ve seen from OpenAI’s harness engineering post and from companies like Factory — the agent is the easy part. The hard part is the environment it operates in: permissions, sandboxing, policy enforcement, audit trails.

Always-on agents change the compute model. If your agents are running 24/7, they need dedicated resources. That’s a capacity planning conversation your SRE team should be having now, not after deployment.

“Boring” security wins. YAML policy files, container isolation, permission-based file access, audit logging. None of this is new technology. It’s well-understood infrastructure patterns applied to a new problem. The teams that already think in terms of least-privilege access and blast radius containment are going to adapt fastest.

The Bigger Picture

Deloitte’s 2026 State of AI report found that only 1 in 5 companies has a mature governance model for autonomous AI agents. Goldman Sachs coined “orchestration risk” — the danger that AI agent layers will bypass traditional software platforms entirely.

NemoClaw is NVIDIA’s answer to both problems: a governed runtime for the agents that are coming whether enterprises are ready or not. The companies that figure out the scaffolding — security policies, audit trails, permission models, dedicated compute — are the ones that will actually deploy agents in production. Everyone else will be stuck in pilot mode.

Further Reading

• NVIDIA NemoClaw announcement
• VentureBeat deep dive