NVIDIA OpenShell introduces out-of-process agent governance
NVIDIA OpenShell is an open-source security runtime providing a kernel-level sandbox for autonomous AI agents. By moving governance outside the agent's process, it prevents prompt injection from overriding safety constraints and resource limits.
OpenShell addresses the "inverted" threat model of AI agents, where the risk is not only that the agent escapes the sandbox but also that it misuses its legitimate access. It provides kernel-level isolation via Linux Landlock, out-of-process enforcement to block prompt injection, and a model-agnostic privacy router for local context management. Declarative YAML policies let developers define granular access without modifying code, and integration with the NemoClaw stack bridges the gap between local RTX development and enterprise DGX deployment.
DISCOVERED
2026-03-21
PUBLISHED
2026-03-21
AUTHOR
Better Stack