
NemoClaw: NVIDIA's Security Sandbox for AI Agents

Tags: AI Security, Agents, NVIDIA, Open Source

NVIDIA just open-sourced NemoClaw — a security sandbox that wraps around OpenClaw agents and locks them down with Landlock, seccomp, and network namespace isolation. It's not a competitor to agent frameworks — it's the missing security layer.

What NemoClaw Actually Does

NemoClaw installs NVIDIA's OpenShell runtime, creates a sandboxed container, and routes all inference through NVIDIA's cloud. Every network request, file access, and API call is governed by declarative policy. The agent runs free inside its sandbox — but can't escape it.

The Security Stack

  • Network isolation — declarative egress policies, hot-reloadable at runtime. Unauthorized outbound connections are blocked and surfaced for operator approval.
  • Filesystem lockdown — agents can only read/write inside /sandbox and /tmp. No access to host filesystem.
  • Process sandboxing — privilege escalation and dangerous syscalls blocked via seccomp profiles.
  • Inference routing — all model API calls are intercepted and routed through controlled backends.

Why This Matters

Running autonomous agents in production is terrifying. They can execute code, access the internet, read files, and make decisions — all without human approval for each step. Most agent frameworks punt on security entirely, relying on "just don't give it root" as the security model.

NemoClaw takes the opposite approach: default deny everything, then whitelist what the agent needs. Same principle behind container security, Kubernetes network policies, and AWS IAM — applied to AI agents.

The Operator Approval Flow

When an agent tries to reach an unauthorized host, NemoClaw blocks the request and surfaces it in a TUI for operator approval. This lets you give an agent freedom to explore while maintaining a human in the loop for anything unexpected. Like a firewall with "ask before allowing".
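To make the "default deny, then allowlist, ask on anything else" logic from the network isolation bullet and this approval flow concrete, here is an added illustrative model of such an egress guard. It is example code written for this post, not NemoClaw's or OpenShell's implementation; the one-`host:port`-per-line policy format, the class and function names, and the hostnames are assumptions.

```python
from dataclasses import dataclass, field

# Decision values returned by check(); there is no silent "drop" outcome.
ALLOW, ASK = "allow", "ask"


def parse_policy(text: str) -> dict[str, set[int]]:
    """Parse a minimal declarative allowlist (assumed format for this
    example): one 'host:port' per line, '#' starts a comment."""
    allow: dict[str, set[int]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        host, port = line.rsplit(":", 1)
        allow.setdefault(host.lower(), set()).add(int(port))
    return allow


@dataclass
class EgressGuard:
    """Default-deny egress check with an operator approval queue."""
    allow: dict[str, set[int]] = field(default_factory=dict)
    pending: list[tuple[str, int]] = field(default_factory=list)

    def check(self, host: str, port: int) -> str:
        """ALLOW if (host, port) is in the allowlist; otherwise the attempt
        is blocked, queued once for the operator, and ASK is returned."""
        host = host.lower()
        if port in self.allow.get(host, set()):
            return ALLOW
        if (host, port) not in self.pending:
            self.pending.append((host, port))
        return ASK

    def approve(self, host: str, port: int) -> None:
        """Operator grants a pending request: the allowlist is updated in
        place, so the next attempt succeeds without restarting the agent."""
        self.pending.remove((host.lower(), port))
        self.allow.setdefault(host.lower(), set()).add(port)

    def reject(self, host: str, port: int) -> None:
        """Operator refuses a pending request; it stays denied by default."""
        self.pending.remove((host.lower(), port))

    def reload(self, text: str) -> None:
        """Hot-reload: swap in a new declarative policy at runtime. The policy
        text is the source of truth, so approvals not written back to it are
        dropped; requests still pending survive the reload."""
        self.allow = parse_policy(text)
```

Note that a second attempt at an unapproved destination returns ASK again rather than queuing a duplicate, which is the behaviour an operator TUI needs so one chatty agent does not flood the approval list.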

What's Missing

  • Only NVIDIA Nemotron models via cloud API — no local inference, no Anthropic/OpenAI
  • Linux only (Ubuntu 22.04+)
  • Single agent per sandbox — no multi-tenant isolation
  • No knowledge graph, memory management, or tool framework — purely a security layer

Bottom Line

NemoClaw doesn't make agents smarter. It makes them safer. As agents move from demos to production, "safe by default" will be the difference between a useful tool and a liability.

Apache 2.0 licensed: github.com/NVIDIA/NemoClaw