Securing Autonomous AI Agents: How NVIDIA and SAP Are Building Trust for Enterprise Operations

Posted by u/Tiobasil · 2026-05-18 09:34:02

Introduction

As artificial intelligence evolves from passive assistants to proactive agents capable of executing complex tasks, enterprises face a critical challenge: how to trust an autonomous system that interacts directly with core business systems. From finance and procurement to supply chain and manufacturing, specialized AI agents are increasingly moving into the enterprise environments where decisions are made, data flows, and workflows run at scale. At SAP Sapphire, NVIDIA founder and CEO Jensen Huang joined SAP CEO Christian Klein's keynote via video to announce an expanded collaboration that addresses this trust deficit head-on. Together, the two companies are embedding robust security and governance controls into the runtime environment of AI agents, ensuring that these digital workers operate within clearly defined boundaries.

Source: blogs.nvidia.com

A New Collaboration for Trust and Governance

SAP and NVIDIA have deepened their partnership by integrating NVIDIA's OpenShell—an open-source runtime designed for securely developing and deploying autonomous AI agents—directly into the SAP Business AI Platform. This integration means that all AI agents running within SAP's ecosystem, including custom agents built in Joule Studio (SAP's environment for building and managing end-to-end enterprise agents), now benefit from a built-in security layer. The shift from AI assistants to autonomous agents fundamentally changes the trust equation: an agent that can touch systems of record, cross application boundaries, and operate without human review at every step requires stringent boundaries, policy enforcement, and a complete audit trail before it can be trusted in production. SAP and NVIDIA's collaboration directly tackles these requirements.

OpenShell: The Security Runtime for Autonomous Agents

OpenShell provides a secure foundation by offering isolated execution environments. It enforces policies at the filesystem and network layers, and introduces infrastructure-level containment that guards against damage when agent logic fails. This means that even if an agent behaves unexpectedly—due to a bug, adversarial input, or misconfiguration—the blast radius is limited. SAP engineers are actively codesigning OpenShell alongside NVIDIA, contributing back to the open-source project to ensure it meets the demands of large-scale enterprise deployments. Their focus includes runtime hardening, policy modeling, enterprise identity integration, and auditing and governance hooks.

Why the Application Layer Matters

NVIDIA CEO Jensen Huang has often described AI as a five-layer cake: energy, chips, infrastructure, models, and applications. Applications sit at the top, where AI generates economic value and drives productivity for knowledge workers. As a global leader in enterprise applications and business AI, SAP occupies a critical position in this layer. It runs the finance, procurement, supply chain, and manufacturing workflows that are the lifeblood of most large organizations. For AI agents to operate effectively in these domains, they must understand roles, processes, permissions, and data boundaries. They also need an execution environment that limits what an agent can see, what actions it can take, and where inference runs. SAP's deep integration with core business processes makes it a natural catalyst for enterprise adoption of agentic AI.

Codeveloping the Foundation for Agentic AI

NVIDIA brings a unique perspective to this partnership: the company itself is a longtime SAP customer, running finance, supply chain, and logistics on SAP systems. This shared context gives both firms firsthand experience with what enterprise-grade governance requires in practice. SAP engineers are now working alongside NVIDIA's engineers to further develop OpenShell's open-source codebase, with contributions specifically aimed at the needs of production agentic AI. These include:

  • Runtime hardening to withstand malicious inputs and unexpected conditions
  • Policy modeling that allows enterprises to define fine-grained rules for agent behavior
  • Enterprise identity integration, so agents respect user roles, permissions, and access controls
  • Auditing and governance hooks to provide a complete trail of every action taken by an agent

By combining SAP's application-layer expertise with NVIDIA's hardware and runtime security know-how, the collaboration aims to deliver a trustworthy foundation for autonomous agents that can be deployed with confidence across the enterprise.

Conclusion: Toward Trustworthy Autonomous Operations

The era of passive AI assistants is giving way to autonomous agents that can execute multi-step workflows, cross system boundaries, and make decisions without constant human supervision. For enterprises to embrace this shift, they must be able to trust that agents will stay within their designated lanes, respect data privacy, and operate transparently. The expanded partnership between NVIDIA and SAP, centered on OpenShell and the SAP Business AI Platform, provides a blueprint for building that trust. With isolated execution, policy enforcement, and comprehensive auditing, organizations can now deploy specialized AI agents in production environments—unlocking new levels of productivity while maintaining the security and governance that critical business operations demand.