Cybersecurity Expert Uncovers Major Security Flaw in NemoClaw
Cybersecurity researcher shows how a simple command allows NemoClaw to modify its own configuration and bypass security controls.
NVIDIA announced NemoClaw at GTC 2026 less than a week ago. It’s a security wrapper for OpenClaw, the open-source AI agent platform that became the fastest-growing open-source project in history but was plagued by security concerns. The wrapper combines kernel-level sandboxing, a deny-by-default policy engine, and a privacy router.
One group of researchers called it a “lethal trifecta.”
NemoClaw is NVIDIA’s response. It wraps OpenClaw inside the OpenShell runtime with three layers of protection:
A kernel-level sandbox using Landlock, seccomp, and network namespaces
An out-of-process policy engine that agents supposedly cannot override
A privacy router that keeps sensitive data on local Nemotron models while routing complex queries to cloud APIs
Zack Korman, a cybersecurity professional and CTO at Pistachio, started poking at NemoClaw. Korman’s background is in threat detection, and he has a law degree from Edinburgh and a master’s from Oxford, so he knows how to read documentation carefully.
The Vulnerability Korman Found


