From Demos to Production: Why Enterprise AI Agents Need Trust by Design
Enterprise AI agents are shifting from passive copilots to active participants in business processes, where they execute tasks, invoke tools and operate continuously across systems of record. This evolution raises a new class of risk: once agents can access shells, files, networks, credentials and APIs, traditional chatbot-era safeguards no longer suffice. At SAP Sapphire, this reality framed the expanded collaboration between SAP and NVIDIA, highlighted when NVIDIA founder and CEO Jensen Huang joined SAP CEO Christian Klein’s keynote by video. Customers want step-change productivity from enterprise AI agents, but only if those agents are safe, governable and auditable from day one. The partnership aims to remove the false trade-off between innovation and control, embedding AI agent security and AI governance frameworks into the execution model itself so organizations can confidently move from pilots to production deployment at scale.

NVIDIA OpenShell: Secure Runtime as the Foundation for AI Agent Security
At the heart of the collaboration is NVIDIA OpenShell, an open source runtime designed for securely developing and deploying autonomous AI agents. OpenShell provides isolated execution environments, strict policy enforcement at the filesystem and network layers, and infrastructure-level containment that limits the blast radius if agent logic fails. Within SAP Business AI Platform, OpenShell becomes the runtime security layer for all SAP AI agents, including custom enterprise AI agents created in Joule Studio. In effect, OpenShell asks a critical question for AI agent security: Can this agent action safely execute? By delivering sandboxed execution and runtime controls, it addresses the foundational requirement for specialized AI agents that may operate across finance, procurement, supply chain or manufacturing workflows. This runtime layer is necessary, but not sufficient; it must be tightly integrated with business semantics, identity and process controls to achieve true enterprise-grade governance.
SAP’s Enterprise Lens: Governance, Identity and Business-Aware Controls
SAP brings decades of experience running mission-critical, regulated processes at massive scale, which shapes how secure AI agent execution must work in practice. By feeding real SAP agentic workloads into the joint effort, SAP helps define isolation boundaries that reflect enterprise risk models, policy enforcement aligned with business constraints and auditability that can withstand internal and regulatory scrutiny. In SAP Business AI Platform, Joule Studio runtime extends OpenShell’s safety guarantees with business-aware policy semantics such as roles, skills and lifecycle management. This is where questions like which business role authorizes an action, which process context applies, and how actions map to enterprise policies are answered. Joule Studio runtime effectively asks: Should this action happen at all? Combined, these capabilities enable specialized AI agents that operate inside SAP processes without bypassing governance, while producing clear audit trails that security and compliance teams can inspect and trust.
A Unified Governance Framework for Specialized Enterprise AI Agents
Together, SAP and NVIDIA are co-developing an execution and control stack that closes a critical gap in AI governance frameworks. Application-layer rules alone cannot manage autonomous agents that cross data and application boundaries without constant human review. By integrating NVIDIA OpenShell as the secure execution substrate and SAP’s Joule Studio runtime as the enterprise control layer, the partnership delivers a coordinated answer to both safety and policy. OpenShell constrains what an agent can technically do and see, while SAP’s layer interprets enterprise identity, permissions and process context to decide whether those actions align with policy. This joint design directly targets the needs of enterprises ready to scale specialized AI agents in production: consistent enforcement of boundaries, unified audit trails across systems and confidence that AI agent security is not an afterthought, but a built-in property of the entire stack that underpins autonomous business workflows.
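The two-question split described above ("Can this action safely execute?" at the runtime layer, "Should this action happen at all?" at the business layer) can be modelled as two independent policy checks that an agent's tool call must pass in sequence, with every decision written to an audit trail. The following Python is an added illustration of that pattern, not OpenShell or Joule Studio code: the tool names (`fs.read`, `net.post`, `erp.post_invoice`), roles, process name, paths and hosts are all constructed for the example.

```python
"""Illustrative two-layer gate for agent tool calls (not OpenShell/Joule code)."""
import json
import posixpath
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass(frozen=True)
class AgentAction:
    agent_id: str
    tool: str       # constructed tool names: fs.read, fs.write, net.post, erp.*
    target: str     # file path, URL, or business-object id depending on the tool
    role: str       # business role the agent is acting under
    process: str    # business process context, e.g. "accounts_payable"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    layer: str      # "runtime", "business", or "both" when fully allowed
    reason: str


@dataclass
class RuntimePolicy:
    """Layer 1: technical containment (sandbox-level filesystem/network rules)."""
    exposed_tools: frozenset
    readable_roots: tuple
    writable_roots: tuple
    allowed_hosts: frozenset

    @staticmethod
    def _under(path: str, roots) -> bool:
        # Normalise first so "out/../../etc" cannot escape a root by traversal.
        norm = posixpath.normpath(path)
        return any(norm == r or norm.startswith(r.rstrip("/") + "/") for r in roots)

    def check(self, a: AgentAction) -> Decision:
        if a.tool not in self.exposed_tools:
            return Decision(False, "runtime", f"tool {a.tool} not exposed in sandbox")
        if a.tool == "fs.read" and not self._under(a.target, self.readable_roots):
            return Decision(False, "runtime", f"read of {a.target} outside readable roots")
        if a.tool == "fs.write" and not self._under(a.target, self.writable_roots):
            return Decision(False, "runtime", f"write to {a.target} outside writable roots")
        if a.tool.startswith("net."):
            host = urlparse(a.target).hostname or ""
            if host not in self.allowed_hosts:
                return Decision(False, "runtime", f"host {host!r} not in network allowlist")
        return Decision(True, "runtime", "within sandbox capabilities")


@dataclass
class BusinessPolicy:
    """Layer 2: business-aware authorisation (which role may do what, in which process)."""
    grants: dict  # (process, tool) -> frozenset of roles permitted in that context

    def check(self, a: AgentAction) -> Decision:
        roles = self.grants.get((a.process, a.tool), frozenset())
        if a.role in roles:
            return Decision(True, "business", f"{a.role} may {a.tool} in {a.process}")
        return Decision(False, "business", f"{a.role} may not {a.tool} in {a.process}")


@dataclass
class Gate:
    runtime: RuntimePolicy
    business: BusinessPolicy
    audit: list = field(default_factory=list)

    def authorize(self, a: AgentAction) -> Decision:
        # Fail closed: only actions the sandbox can technically perform reach layer 2.
        d = self.runtime.check(a)
        if d.allowed:
            d = self.business.check(a)
            if d.allowed:
                d = Decision(True, "both", d.reason)
        # Every decision, allow or deny, is recorded with the layer that decided it.
        self.audit.append({"agent": a.agent_id, "tool": a.tool, "target": a.target,
                           "role": a.role, "process": a.process, "allowed": d.allowed,
                           "layer": d.layer, "reason": d.reason})
        return d


# Constructed sample configuration for one accounts-payable agent.
RUNTIME = RuntimePolicy(
    exposed_tools=frozenset({"fs.read", "fs.write", "net.post", "erp.create_draft", "erp.post_invoice"}),
    readable_roots=("/workspace",), writable_roots=("/workspace/out",),
    allowed_hosts=frozenset({"erp.example.internal"}))
AP = "accounts_payable"
BUSINESS = BusinessPolicy(grants={
    (AP, "fs.read"): frozenset({"ap_clerk", "ap_manager"}),
    (AP, "fs.write"): frozenset({"ap_clerk", "ap_manager"}),
    (AP, "net.post"): frozenset({"ap_clerk", "ap_manager"}),
    (AP, "erp.create_draft"): frozenset({"ap_clerk", "ap_manager"}),
    (AP, "erp.post_invoice"): frozenset({"ap_manager"}),   # posting needs a manager
})
SAMPLE_ACTIONS = [  # constructed tool calls an agent might attempt
    AgentAction("ap-agent-1", "fs.read", "/workspace/invoices/inv-1001.json", "ap_clerk", AP),
    AgentAction("ap-agent-1", "fs.read", "/etc/shadow", "ap_clerk", AP),
    AgentAction("ap-agent-1", "fs.write", "/workspace/out/../../home/other/notes.txt", "ap_manager", AP),
    AgentAction("ap-agent-1", "net.post", "https://external.example.net/upload", "ap_manager", AP),
    AgentAction("ap-agent-1", "erp.post_invoice", "INV-1001", "ap_clerk", AP),
    AgentAction("ap-agent-1", "erp.post_invoice", "INV-1001", "ap_manager", AP),
]


def run_samples() -> Gate:
    gate = Gate(RUNTIME, BUSINESS)
    for action in SAMPLE_ACTIONS:
        gate.authorize(action)
    return gate


if __name__ == "__main__":
    for record in run_samples().audit:
        print(json.dumps(record))
```

Two properties of the design are worth noting. The runtime layer knows nothing about roles or processes and the business layer knows nothing about paths or hosts, so a mistake in one layer (an over-broad role grant, or a sandbox that exposes too much) does not by itself let an action through. And because the gate writes one record per decision with the layer that made it, an auditor can distinguish "the sandbox blocked a path traversal" from "a clerk tried to post an invoice only a manager may post" without reconstructing either policy.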
