Building Trust in Enterprise AI Agents: How NVIDIA and SAP Are Securing the Future of Autonomous Workflows

As specialized AI agents move from experimental labs into the core of enterprise operations—handling finance, procurement, supply chain, and manufacturing—the need for trust, security, and governance becomes critical. At SAP Sapphire 2024, NVIDIA and SAP announced an expanded collaboration to embed robust security controls into the SAP Business AI Platform, ensuring that autonomous agents operate safely within defined boundaries. This partnership leverages NVIDIA's open-source OpenShell runtime, co-designed by both companies, to provide isolated execution environments, policy enforcement, and audit trails. Below, we explore the key questions around this groundbreaking initiative.

What makes autonomous AI agents different from traditional AI assistants in enterprise systems?

Traditional AI assistants typically provide information or suggestions but require human approval before taking action. Autonomous agents, however, can directly interact with systems of record, cross application boundaries, and execute tasks without step-by-step human review. This shift fundamentally changes the trust equation for enterprises. An agent that can modify financial records, adjust supply chain orders, or trigger manufacturing workflows needs explicit boundaries, policy enforcement, and a full audit trail before it can be trusted in production. Without these safeguards, even a small logic failure could cause significant damage. The NVIDIA-SAP collaboration addresses this by embedding security at the runtime level, ensuring that every agent action is contained, logged, and verified against enterprise policies.

Source: blogs.nvidia.com

How are SAP and NVIDIA specifically securing AI agents within the SAP Business AI Platform?

The core of the security solution is the integration of NVIDIA OpenShell—an open-source runtime for developing and deploying autonomous AI agents—directly into the SAP Business AI Platform. OpenShell acts as the security layer for all SAP AI agents, including custom agents built in Joule Studio, SAP’s environment for building and managing enterprise agents. SAP engineers are actively co-developing OpenShell alongside NVIDIA, contributing back to the open-source project with enterprise-grade features such as runtime hardening, policy modeling, identity integration, and auditing hooks. This means every agent, whether for finance, procurement, or manufacturing, operates within an isolated execution environment with filesystem and network-level policy enforcement, preventing unauthorized access and containing any failures.

What exactly is OpenShell and how does it enforce security at the infrastructure level?

OpenShell is an open-source runtime designed specifically for securely developing and deploying autonomous AI agents. It provides isolated execution environments that separate each agent’s code and data from the rest of the system. More importantly, it enforces policies at the filesystem and network layers, meaning an agent can only access the files and network resources explicitly allowed by its policy. This infrastructure-level containment guards against damage when agent logic fails—for example, if an agent attempts to delete critical data or send information to an unauthorized server, OpenShell blocks the action. Additionally, every operation is logged, creating a comprehensive audit trail that enterprises require for compliance and governance. By integrating OpenShell into the SAP Business AI Platform, both companies ensure that security is built in from the start, not added as an afterthought.

Why does NVIDIA’s founder describe AI as a “five-layer cake,” and where does SAP fit in?

NVIDIA’s CEO Jensen Huang has described AI as a stack of five layers: energy, chips, infrastructure, models, and applications. At the top sits the application layer, where AI creates direct economic value and drives productivity for knowledge workers. SAP, as a global leader in enterprise applications, plays a pivotal role in this top layer. SAP runs the critical workflows—finance, procurement, supply chain, and manufacturing—where AI agents must operate within policy, identity, and process controls. Because SAP is already at the core of enterprise operations, it becomes a key driver for the adoption of agentic AI. Without a trusted application layer, even the best models and infrastructure would fail to deliver real business value. That’s why the collaboration with NVIDIA to embed security into SAP’s application platform is so important.


How does NVIDIA’s own experience as an SAP customer influence this partnership?

NVIDIA is not just a technology provider—it is also a longtime SAP customer, running its own finance, supply chain, and logistics on SAP systems. This gives both companies a shared, real-world context for understanding what enterprise-grade governance requires in practice. NVIDIA knows firsthand the pain points of deploying AI in complex business environments: the need for identity integration, policy enforcement, and auditability. This practical experience informs the co-development of OpenShell, ensuring that the security features are not just theoretical but address actual operational challenges. By combining SAP’s deep knowledge of enterprise workflows with NVIDIA’s AI expertise and hands-on experience, the partnership delivers a solution that is both technically robust and pragmatically grounded in the realities of running a global business.

What specific contributions are SAP engineers making to the OpenShell open-source project?

SAP engineers are working side by side with NVIDIA’s team to further develop OpenShell’s codebase, focusing on the features that enterprises absolutely need to run agentic AI in production. Key contributions include runtime hardening to withstand attacks and failures, policy modeling to define complex authorization rules, enterprise identity integration to connect with existing user directories and single sign-on systems, and auditing and governance hooks to log all agent actions in a format that meets regulatory requirements. These are not add-ons but are being built directly into the open-source runtime, meaning the entire community benefits. By contributing back, SAP ensures that enterprises using the SAP Business AI Platform get a security layer that is continuously improved and aligns with industry best practices, while also influencing the broader ecosystem of agentic AI development.
