SAP to Embed NVIDIA OpenShell into SAP Business AI Platform to Harden Enterprise Agents

SAP will embed NVIDIA OpenShell into the SAP Business AI Platform and its engineers will co-design and contribute code back to the open-source project, the companies announced at SAP Sapphire; NVIDIA founder and CEO Jensen Huang joined SAP CEO Christian Klein’s keynote by video. The integration is intended to harden enterprise AI agents by adding a runtime layer that isolates execution and enforces policies, reducing risk when agents interact with critical systems.

OpenShell is described as an open-source runtime that creates isolated execution environments and enforces policies at filesystem and network layers, providing infrastructure — level containment to limit damage when agent logic fails. Within the SAP Business AI Platform, OpenShell will serve as the runtime security layer for SAP AI agents, including custom agents built and managed in Joule Studio, ensuring agent processes run under controlled constraints.

The collaboration responds to a practical shift from conversational assistants toward autonomous, specialized agents that act on behalf of users and touch systems of record across finance, procurement, supply chain and manufacturing. NVIDIA’s Jensen Huang has framed AI as five stacked layers — energy, chips, infrastructure, models and applications — and SAP’s role at the application layer places these agents directly in workflows that create enterprise value.

SAP and NVIDIA say the combined stack is designed to close gaps that application — layer security alone cannot. OpenShell will evaluate whether a proposed agent action can safely execute, while the Joule Studio runtime will enforce whether an action should be allowed to run. The partnership emphasizes policy enforcement, identity integration and searchable audit trails as prerequisites for running agents in production. To help builders move from prototype to production, NVIDIA’s NemoClaw—a reference blueprint for autonomous agents — will be available directly within Joule Studio. That integration is intended to give development teams a structured route to production — ready deployments without forcing them to engineer the underlying security scaffold from scratch.

SAP and NVIDIA point developers and operators to OpenShell and NemoClaw for technical details and note that additional software product information can be found in the project notices. The companies frame these measures as a way to let agents operate inside enterprise boundaries while protecting the systems of record that reside in SAP.