NVIDIA OpenShell

Secure sandboxed runtime for AI agent execution

NVIDIA OpenShell provides kernel-level isolation for AI agent workloads with Landlock, seccomp, and network namespace sandboxing. Announced at GTC 2026 with 17 enterprise partners including Adobe, Atlassian, SAP, and Salesforce, it offers declarative YAML policy enforcement, L7 HTTP inspection, and GPU passthrough — purpose-built to contain the blast radius when autonomous coding agents interact with filesystems and networks.

NVIDIA OpenShell is an open-source runtime security framework specifically designed for AI agent workloads. As coding agents like Claude Code, Codex, and OpenCode gain direct access to filesystems, shell commands, and network resources, the security implications grow proportionally. OpenShell addresses this by providing kernel-level isolation using Landlock for filesystem access control, seccomp for system call filtering, and network namespaces for network isolation — all configured through a declarative YAML policy engine that lets teams define exactly what an agent is allowed to do.

Announced at NVIDIA GTC 2026 with backing from 17 major enterprise partners including Adobe, Atlassian, SAP, Salesforce, ServiceNow, Siemens, Cisco, CrowdStrike, Red Hat, and Box, OpenShell is positioned as critical infrastructure for the agentic AI era. Its L7 HTTP inspection proxy can intercept and filter agent network requests before they leave the sandbox, preventing data exfiltration or unauthorized API calls. GPU passthrough support means agents can still leverage hardware acceleration for compute-intensive tasks while remaining fully sandboxed. The NemoClaw reference stack builds on OpenShell specifically for securing OpenClaw deployments.

For development teams adopting AI coding agents at scale, OpenShell provides the security boundary that makes autonomous code execution acceptable in enterprise environments. If a compromised agent attempts to access restricted directories, make unauthorized network requests, or execute dangerous system calls, OpenShell blocks the action at the kernel level — not through prompt-level guardrails that can be bypassed. The project is Apache-2.0 licensed with over 4,200 GitHub stars and active development as a core component of the NVIDIA Agent Toolkit.

Pricing

Free and open source (Apache-2.0). Part of NVIDIA Agent Toolkit.

Platforms

Linux (kernel-level sandboxing). Docker deployment. GPU passthrough support for NVIDIA GPUs.

Alternatives

E2B

Secure cloud sandboxes for AI agents

E2B provides secure cloud sandboxes that let AI agents execute code, run terminal commands, and interact with filesystems in isolated environments. Each sandbox spins up in ~150ms with its own OS, giving agents a safe space to run untrusted code. Supports Python, JavaScript, and any language via custom Dockerfiles. Used by AI coding assistants, data analysis agents, and code interpreters. SDK available for Python and JavaScript with a simple API for programmatic sandbox control.

Freemium · Open source

Microsandbox

Local microVM sandboxes for AI agent code execution

Microsandbox provides hardware-level isolated sandboxes for AI agents to execute code safely on local machines. Built on libkrun microVMs, and citing a 320ms bare-metal Linux/KVM benchmark on its homepage, it offers stronger isolation than Docker containers while staying lightweight enough for dev workstations. OCI-compatible with Python and Node.js runtimes. Apache-2.0 licensed with 6.6K+ GitHub stars.

Open source

Lume

macOS and Linux VM runtime for AI agents on Apple Silicon

Lume is an open-source CLI for creating and managing macOS and Linux virtual machines on Apple Silicon, built specifically for AI agent sandboxing, CI/CD pipelines, and desktop automation. Using Apple's native Virtualization.Framework for near-native performance, it provides the missing isolation layer for running coding agents safely — so an accidental destructive command doesn't affect your host machine.

Open source

Related Tools

Hermes Agent

Top Pick

Open-source AI agent framework with persistent memory, reusable skills, tools, and messaging gateways

Hermes Agent is an open-source AI agent framework with persistent memory, reusable skills, 40+ tools, cron jobs, and messaging gateways.

Open source

Accomplish Coworker

Open-source desktop AI coworker for browsing and code execution.

Accomplish Coworker is an MIT-licensed open-source AI coworker that runs on the desktop, combining computer-use style browsing with code execution so agents can research, implement, run, and debug workflows in one local environment.

Open source · Telemetry

Headroom

Context compression for LLM apps and coding agents

Headroom is an Apache-2.0 context compression layer for LLM apps and coding agents. It compresses tool output, logs, files, RAG chunks, and agent history through a local library, proxy, wrapper, or MCP server, with retrieval hooks for bringing originals back when needed. Treat its savings numbers as Headroom-reported benchmarks, not independent aicoolies measurements.

Open source · Telemetry

Codebase Memory MCP

Codebase knowledge graph MCP server for AI coding agents

Codebase Memory MCP is an MIT-licensed MCP server that turns a repository into a persistent code knowledge graph for AI coding agents. It gives Claude Code, Cursor, Codex-style agents, and other MCP clients structural queries for functions, classes, call chains, routes, and architecture, helping them explore large projects without repeatedly rereading files or relying only on broad search.

Open source · Telemetry

KubeAI

Kubernetes operator for serving AI inference workloads

KubeAI is an Apache-2.0 Kubernetes operator for deploying and scaling AI inference workloads, including LLMs, embeddings, reranking, and speech-to-text. It gives platform teams OpenAI-compatible endpoints, model proxy/controller primitives, model caching, scale-from-zero behavior, and cluster-native resource management for self-hosted inference on Kubernetes.

Open source

BeeAI Framework

Python and TypeScript framework for production multi-agent systems

BeeAI Framework is an Apache-2.0 toolkit for building production-ready AI agents and multi-agent systems in Python and TypeScript. Its docs cover agents, tools, RAG, memory, workflows, backend providers, serving, and A2A/MCP integration surfaces, making it a vendor-neutral option for teams comparing LangGraph, CrewAI, Mastra, and related agent runtimes.

Open source · Telemetry
