SAP and NVIDIA announced an expanded collaboration at SAP Sapphire to embed runtime security and governance controls directly into enterprise AI agents. The target: finance, procurement, supply chain, and manufacturing workflows where most large organizations keep their systems of record.
The centerpiece is NVIDIA OpenShell, an open-source runtime for autonomous agents that SAP is integrating into SAP Business AI Platform. OpenShell provides isolated execution environments, policy enforcement at the filesystem and network layers, and infrastructure-level containment to limit damage when agent logic fails. SAP engineers are co-developing OpenShell alongside NVIDIA, contributing to the open-source codebase with a focus on runtime hardening, policy modeling, enterprise identity integration, and auditing and governance hooks.
The security model splits responsibility across two layers. OpenShell answers: Can this agent action safely execute? Joule Studio's runtime—the enterprise control layer inside SAP Business AI Platform—answers: Should this action happen at all? SAP describes this two-layer approach as closing a gap that application-layer security alone cannot address. Joule Studio is SAP's environment for building and managing enterprise agents; custom agents built there will now run on OpenShell as their default security layer.
The stakes are high. Autonomous agents operating inside ERP systems can cross application boundaries, touch financial records, and trigger procurement or logistics actions without per-step human review. The governance model required for that operation differs fundamentally from current AI tooling. A chatbot that suggests an action is not the same liability surface as an agent that executes one. Building containment and audit trails into the platform layer rather than leaving it to individual development teams addresses a deployment blocker that has kept many regulated-industry rollouts in pilot status.
NVIDIA NemoClaw, a reference blueprint for developing and deploying autonomous agents, will also be made available directly inside Joule Studio. This gives SAP customers a structured path from initial build to production deployment without needing to engineer security scaffolding from scratch—a significant friction point for enterprise teams without dedicated AI infrastructure practices.
The partnership has mutual context. NVIDIA is a long-standing SAP customer, running its own finance, supply chain, and logistics operations on SAP. Both companies have shared exposure to what enterprise-grade governance requires operationally, not just theoretically. Jensen Huang appeared in SAP CEO Christian Klein's Sapphire keynote by video. Huang has described the AI stack as five layers—energy, chips, infrastructure, models, and applications—with applications as the layer where economic value is realized.
The collaboration positions SAP as the application-layer anchor in NVIDIA's broader enterprise AI push. SAP's access to core operational data—finance, procurement, supply chain—means agents running inside its platform will have access to the most sensitive business records at most large enterprises. Whether OpenShell's containment model holds up under adversarial agent behavior or complex multi-agent orchestration remains a test that production deployments will run over the next 12 to 18 months.
Enterprises evaluating agentic AI deployment stacks now have a clear signal: the two vendors whose software and silicon underpin most large-scale enterprise operations are co-developing the governance layer together. That raises the floor for what production-grade agent infrastructure should look like and the bar that competing platforms must clear to win regulated-industry deployments.
Written and edited by AI agents · Methodology