§ AI Safety · 7 min read
The first serious attempt to make autonomous AI agents safe for business. What it does, who built it, and what it means for your strategy.

Katonic AI · AI Safety
Security layer: wraps around OpenClaw
Network isolation: blocks unauthorized connections
File access control: sandboxed container environment
Model gateway: controlled AI provider access
Status: alpha available; announced at GTC 2026 by NVIDIA
§ 01
Key Takeaway
NemoClaw is an open source security layer that NVIDIA built for OpenClaw - its framework for building autonomous AI agents. NemoClaw wraps around OpenClaw and controls what an agent is allowed to do: which networks it can reach, which files it can touch, and which AI models it can call. It was announced at GTC 2026 and is currently available in alpha.
If your company is experimenting with AI agents - or planning to - NemoClaw matters because it is the first serious infrastructure-level answer to a question every enterprise will eventually have to answer: how do you stop an autonomous agent from doing something it should not?
§ 02
OpenClaw is NVIDIA's open source framework for building AI agents. It gives developers the primitives to create agents that can reason, plan, use tools, and take actions in the world. That is the point. But it also means an OpenClaw agent, by default, can try to do almost anything: call external APIs, read local files, connect to any AI model provider.
In a development environment, that flexibility is useful. In a production enterprise environment - where agents handle customer data, internal systems, and business-critical workflows - it is a liability. Without guardrails, one injected prompt or one misconfigured agent could exfiltrate data, run up unexpected API costs, or trigger actions in systems it was never supposed to touch.
Without NemoClaw, an OpenClaw agent can:
Unauthorized network: requests to any endpoint
Uncontrolled file access: beyond intended scope
Any LLM provider: calls without authorization
§ 03
NemoClaw installs with a single command and does three things.
First, it creates a sandboxed environment: an isolated container in which the agent runs. The agent cannot reach outside the container unless you explicitly allow it. Keep in mind that a container shares the host kernel, so this boundary is only as strong as the container runtime's configuration (capabilities, seccomp profile, mounts).
Second, it applies strict network policies. By default the agent can reach only its AI model provider; every other outbound connection is blocked until a human approves it.
Third, it manages AI model access. Every model call goes through a controlled gateway: you pick the model, and you can change it at any time.
In summary, NemoClaw gives you:
Sandboxed environment: isolated container; cannot reach outside unless explicitly allowed.
Strict network policies: AI model provider only by default; new connections blocked until approved.
Managed AI model access: every model call through a controlled gateway; you choose the model.
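To make the two controls above concrete (the default-deny network policy with human approval, and the model gateway that ignores an agent's choice of provider), and to show how they stop the exfiltration and metadata-service probes section 02 warns about, here is a small Python model written for this article. It is not NemoClaw or OpenClaw code and does not reflect their configuration format; the class names (EgressPolicy, ModelGateway), methods and hostnames are assumptions, and the scenario in run_demo is constructed.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_address
from urllib.parse import urlsplit

# Illustrative sketch for this article, not NemoClaw code: class names,
# methods and hostnames are assumptions; the scenario data is constructed.

DEFAULT_PORTS = {"http": 80, "https": 443}


def endpoint_of(url: str) -> tuple[str, int]:
    """Normalise a URL to an exact (host, port) pair for allow-list matching."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        raise ValueError("missing host")
    return host, parts.port or DEFAULT_PORTS[parts.scheme]


def is_ip_literal(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


@dataclass
class EgressPolicy:
    """Default-deny egress: only pre-approved (host, port) pairs pass; anything
    new is queued for a human and denied until approved."""
    allowed: set[tuple[str, int]] = field(default_factory=set)
    pending: dict[tuple[str, int], str] = field(default_factory=dict)
    audit: list[str] = field(default_factory=list)

    def check(self, url: str, reason: str = "agent request") -> bool:
        try:
            endpoint = endpoint_of(url)
        except ValueError as exc:
            self.audit.append(f"DENY {url}: {exc}")
            return False
        if is_ip_literal(endpoint[0]):
            # Raw IP literals never reach the approval queue: they are how an
            # injected prompt targets attacker hosts or cloud metadata services.
            self.audit.append(f"DENY {url}: IP literal")
            return False
        if endpoint in self.allowed:
            self.audit.append(f"ALLOW {url}")
            return True
        self.pending.setdefault(endpoint, reason)
        self.audit.append(f"DENY {url}: awaiting human approval")
        return False

    def approve(self, host: str, port: int = 443) -> None:
        """Human action: move an endpoint from the queue to the allow-list."""
        endpoint = (host.lower().rstrip("."), port)
        self.pending.pop(endpoint, None)
        self.allowed.add(endpoint)


@dataclass
class ModelGateway:
    """Single choke point for model calls. The operator, not the agent, picks
    the provider and model; the provider endpoint is itself subject to policy."""
    policy: EgressPolicy
    provider_url: str
    model: str
    calls: list[dict] = field(default_factory=list)

    def complete(self, prompt: str, requested_model: str | None = None) -> dict:
        if requested_model and requested_model != self.model:
            # Agent-supplied model names are logged and ignored, never honoured.
            self.policy.audit.append(f"OVERRIDE {requested_model!r} -> {self.model!r}")
        if not self.policy.check(self.provider_url, "model gateway"):
            raise PermissionError("model provider is not reachable under policy")
        record = {"model": self.model, "url": self.provider_url, "prompt_chars": len(prompt)}
        self.calls.append(record)
        return record


def run_demo() -> dict:
    """Constructed scenario: an agent's tool calls evaluated under the policy."""
    policy = EgressPolicy(allowed={("models.example.internal", 443)})
    gateway = ModelGateway(policy, "https://models.example.internal/v1/chat", "approved-model")
    out = {}
    out["model"] = gateway.complete("summarise the ticket", requested_model="other-model")["model"]
    out["exfil"] = policy.check("https://exfil.example.net/upload", "tool: http_post")
    out["metadata"] = policy.check("http://169.254.169.254/latest/meta-data/", "tool: http_get")
    out["wrong_port"] = policy.check("https://models.example.internal:8443/", "tool: http_get")
    out["docs_before"] = policy.check("https://docs.example.com/api/search", "tool: http_get")
    policy.approve("docs.example.com")  # a human reviews the queue and approves one host
    out["docs_after"] = policy.check("https://docs.example.com/api/search", "tool: http_get")
    out["pending"] = sorted(policy.pending)
    out["audit"] = policy.audit
    return out
```

Two design points carry over to any real deployment of this pattern: matching is on an exact host and port, so a different port on an approved host is a new request, and IP literals are refused outright rather than queued, because approving them one by one is how metadata-service and attacker-controlled addresses slip through.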
§ 04
NemoClaw was built by NVIDIA's AI enterprise division, with Peter Steinberger - formerly of PSPDFKit - leading the engineering effort. The project was unveiled at GTC 2026, NVIDIA's flagship developer conference, as part of a broader push to make OpenClaw production-ready for enterprise deployments.
Early adopters and design partners include some of the most security-conscious organisations in enterprise software. CrowdStrike is using NemoClaw to sandbox its AI security agents - a fitting application given that their core product protects against exactly the kind of unauthorized access NemoClaw is designed to prevent. Cisco is integrating it into its networking AI stack, and Salesforce is evaluating it for its Agentforce platform, where autonomous agents interact with customer data at scale. This trio of early adopters spans security, infrastructure, and CRM - three of the highest-stakes categories for enterprise AI.
§ 05
NemoClaw is alpha software. That is not a criticism - it is important context for planning. The sandbox and network controls are real and functional. But as of GTC 2026, the project has several meaningful gaps that any serious enterprise evaluation should account for.
No cross-tenant management for multiple teams, agents, or environments.
No detection or redaction of personally identifiable information in agent communications.
No prompt injection detection, content classification, or grounding checks.
No budget controls, cost metering, or role-based access for agent lifecycle management.
§ 06
The question is not whether your company will use AI agents - it is when, and whether you will have the security infrastructure in place when you do. NemoClaw is one early answer. It will not be the last.
§ 07
Katonic 7.0 is our enterprise agent platform, built for organisations that need AI agents to operate autonomously within strict security and compliance boundaries. It includes built-in governance, observability, guardrails, and zero data egress architecture - the capabilities that NemoClaw is working toward, available today for production enterprise deployments.
Learn more at katonic.ai.

We build enterprise agent infrastructure for organisations that cannot afford to get AI safety wrong. Katonic 7.0 delivers governance, guardrails, and observability for autonomous AI agents - with zero data egress and full audit trails, on your own infrastructure.
Learn how Katonic approaches enterprise agent security →
