NVIDIA Launches NemoClaw Stack for Secure Local AI Agent Deployment - Blockchain.News

NVIDIA Launches NemoClaw Stack for Secure Local AI Agent Deployment

Iris Coleman Apr 17, 2026 19:43

NVIDIA releases open-source NemoClaw reference stack enabling developers to run sandboxed AI agents locally on DGX Spark hardware with Nemotron 120B model.

NVIDIA has released NemoClaw, an open-source reference stack that allows developers to deploy autonomous AI agents entirely on local hardware—a significant move for enterprises concerned about data privacy when using cloud-based AI services.

The stack orchestrates several NVIDIA tools to create what the company calls a "sandboxed AI assistant" that runs without external dependencies at runtime. All inference happens on-device, meaning sensitive data never leaves the user's hardware.

What NemoClaw Actually Does

At its core, NemoClaw connects three components: OpenShell (a security runtime that enforces isolation boundaries), OpenClaw (a multi-channel agent framework supporting Slack, Discord, and Telegram), and NVIDIA's Nemotron 3 Super 120B model for inference.

The architecture addresses a real problem. As AI agents evolve from simple Q&A systems into autonomous assistants that execute code, read files, and call APIs, the security risks multiply—especially when third-party cloud infrastructure handles the processing.

"Deploying an agent to execute code and use tools without proper isolation raises real risks," NVIDIA's documentation states. OpenShell creates a "walled garden" that manages credentials and proxies network calls while blocking unauthorized access.

Hardware Requirements and Setup

The reference deployment targets NVIDIA's DGX Spark (GB10) system running Ubuntu 24.04 LTS. Setup takes approximately 20-30 minutes of active configuration, plus 15-30 minutes to download the 87GB Nemotron model.

Developers need Docker 28.x or higher with the NVIDIA container runtime, plus Ollama as the local model-serving engine. The installation wizard handles most configuration through a single command:

    curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash

One notable caveat: inference with the 120B parameter model typically takes 30-90 seconds per response. That's expected for local inference at this scale, but it means NemoClaw suits workflows where accuracy matters more than speed.

Security Model and Policy Controls

The sandbox restricts agents to a limited set of network endpoints by default. When an agent attempts to access an external service—fetching a webpage or calling a third-party API—OpenShell blocks the request and surfaces it for approval.

Administrators can approve requests for single sessions or permanently add endpoints through policy presets. This gives real-time visibility into what agents access without requiring sandbox restarts.
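
The default-deny egress flow described above (block, surface for approval, then allow per session or permanently) is modelled below as an added example; it is not OpenShell's code or policy format, and the class, method names and hostnames are hypothetical. Matching is on an exact normalized (host, port) pair, so look-alike URLs do not inherit an approval.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


def endpoint(url: str) -> tuple:
    """Reduce a URL to (host, port) so policy matching is exact, not substring-based."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported URL: {url!r}")
    host = parts.hostname.lower().rstrip(".")  # hostname excludes any user@ prefix
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return host, port


@dataclass
class EgressPolicy:
    permanent: set = field(default_factory=set)  # persists across sessions
    session: set = field(default_factory=set)    # dropped when the session ends
    pending: list = field(default_factory=list)  # blocked endpoints awaiting review

    def check(self, url: str) -> bool:
        """Default deny: allow approved endpoints, queue everything else for review."""
        ep = endpoint(url)
        if ep in self.permanent or ep in self.session:
            return True
        if ep not in self.pending:
            self.pending.append(ep)
        return False

    def approve(self, ep: tuple, permanent: bool = False) -> None:
        """Operator decision; applies to the next check() without a restart."""
        self.pending.remove(ep)
        (self.permanent if permanent else self.session).add(ep)

    def end_session(self) -> None:
        self.session.clear()
        self.pending.clear()


if __name__ == "__main__":
    # Constructed hostnames, for illustration only.
    policy = EgressPolicy(permanent={("models.internal.example", 443)})
    for url in ("https://models.internal.example/v1",
                "https://api.example.com/data",
                "https://api.example.com@evil.example/"):
        print(url, "->", "allow" if policy.check(url) else "blocked, pending review")
```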

NVIDIA includes a notable disclaimer: "While OpenShell provides robust isolation, remember that no sandbox offers complete protection against advanced prompt injection. Always deploy on isolated systems when testing new tools."

Why This Matters for Enterprise AI

The release reflects growing enterprise demand for AI capabilities that don't require sending proprietary data to external servers. Financial institutions, healthcare organizations, and defense contractors have been particularly cautious about cloud-based AI tools.

NemoClaw isn't a turnkey product—it's a reference implementation requiring significant technical expertise. But it provides a blueprint for organizations building their own secure agent infrastructure, with NVIDIA handling the complex orchestration between isolation, inference, and messaging platform integration.

Full documentation and code are available on GitHub, with a browser-based demo requiring no hardware at build.nvidia.com/nemoclaw.
