Nvidia NemoClaw promises to run OpenClaw agents securely

In the few short weeks since OpenClaw became the biggest story in agentic AI, it has been dogged by concerns that it is not secure enough to be safely let loose in enterprises.

This week at the Nvidia GPU Technology Conference (GTC), CEO Jensen Huang announced what he believes is the answer: NemoClaw.

Built in consultation with OpenClaw’s creator, Peter Steinberger, NemoClaw is based on Nvidia Agent Toolkit, part of the broader NeMo ecosystem for building AI agents.

The security innovation is Nvidia OpenShell, a new security and policy enforcement guardrail that integrates with the OpenClaw command line.

The company decided to build NemoClaw after realizing that what Steinberger had created in OpenClaw was an agentic “operating system,” Huang said. “It is no different to how Windows made it possible to create personal computers. Now OpenClaw has made it possible for us to create personal agents,” he added.

Huang compared OpenClaw’s significance to that of the arrival of Linux and HTML in the 1990s, noting that it has given the AI industry exactly what it needed to accelerate agentic AI.

“Every company in the world today needs to have an OpenClaw strategy,” he said. “This is the new computer. Post-OpenClaw, post-agentic […] every SaaS company will become an agentic-as-a-service company.”

Security sandbox

Last year, the release of Chinese company DeepSeek’s super-efficient R1 model suggested that big AI might not be the only available future. This year, thanks to the work of a single developer, Steinberger, it’s the turn of agentic AI.

Until recently, the assumption was that this year’s autonomous agents would be chatbot front ends connecting most of the time to cloud platforms such as Microsoft AutoGen, Google Vertex AI, or OpenAI’s Assistants API.

The rapid ascent of OpenClaw (formerly Clawdbot and Moltbot) in early 2026 has shown that agentic, or ‘edge,’ AI represents an alternative model in which agentic processing happens on local devices such as PCs.

OpenClaw’s ascent was so rapid that by mid-February, only weeks after it became widely known, Steinberger was hired by OpenAI, and OpenClaw became an internal open-source project.

At the same time, OpenClaw’s security shortcomings were generating plenty of negative headlines, with researchers finding security flaws galore, including ways in which a device running it could be compromised remotely.

NemoClaw’s answer is to isolate OpenClaw using the OpenShell runtime. This contains several security layers, including kernel-level sandboxing and a “privacy router” that monitors OpenClaw’s behavior and communication with other systems. For example, if it detects OpenClaw sending sensitive data somewhere it shouldn’t, it steps in to block the action.

This is central to mitigating the security issues that might otherwise hold back the deployment of OpenClaw, or third-party “claws”, in enterprises. It’s also the layer researchers will doubtlessly soon be poring over for CVE-level weaknesses.

Hardware agnostic

The first question enterprises wary of lock-in will ask is what Nvidia gains from NemoClaw. NemoClaw’s OpenShell is fully open source, an attempt to turn it into the gold standard for agentic claw security.

The underlying hardware is not vendor specific either; NemoClaw is agnostic and will run on any hardware, not just Nvidia’s. However, it is still optimized for Nvidia-specific technologies such as Nvidia Inference Microservices (NIM), even if it technically works with other microservices.

“Nvidia is doing what Nvidia always does. They are pulling the center of gravity toward their stack,” commented Zahra Timsah, CEO of AI governance platform i-GENTIC AI. “Developers will be attracted to [NemoClaw], not because it is better, but because it is faster on Nvidia hardware and easier if you are already in that ecosystem,” she said.

But it still lacks elements essential for developers: “The missing piece is not tooling. It is control. Real developers building agentic systems want observability, policy enforcement, rollback, and audit trails,” said Timsah.

“For enterprises, this [announcement] makes OpenClaw more usable from an infrastructure standpoint. It helps run agents closer to data,” she observed. “But it does not solve governance, consistency, or cross system reasoning. So, the real question is not ‘Can agents run at the edge?’ It’s ‘Can you trust what they do when no one is watching?’”

This article originally appeared on CIO.com.
