AnalyticsAutomationAi PersonalizationPayments

In-depth coverage of artificial intelligence in commerce. Analysis, insights, and news for retail technology leaders.

Topics

  • Analytics
  • Automation
  • Ai Personalization
  • Payments
  • Discovery

Publication

  • All Articles
  • About
  • RSS Feed
  • Site Map

Connect

  • LinkedIn

© 2026 LLCommerce. All rights reserved.

Covering AI in commerce since 2024

All Articles
NVIDIA Gets Its Claws In
Automation10 min read

NVIDIA Gets Its Claws In

NVIDIA and SAP's Sapphire collaboration gives enterprise AI agents what they've been missing: the governance infrastructure to actually act, not just advise.

Topics
agentic-commercesupply-chaingenerative-aiuk-retailstrategy
Simon Seddon

Simon Seddon

Technology Specialist

—16 May 2026

The sci-fi version of AI going rogue tends to involve dramatic hardware. A spacecraft that locks you out of the airlock. An android that decides self-preservation trumps the mission. The actual risk with enterprise AI agents is considerably less cinematic. It's an automated system that raises a purchase order for the wrong amount, against a supplier whose contract has just been flagged for review, because the governance layer didn't know about the review. Nobody dies. Nobody learns an important lesson about human nature. A distinct absence of glowy red laser eyes. But someone in procurement spends the next two weeks reversing it, and the CIO has a new item for the board's AI risk register.

This is the problem SAP and NVIDIA are trying to solve. The paperwork, not the drama.

At SAP Sapphire in Orlando, where Jensen Huang joined Christian Klein's keynote by video link on 10 May, they announced an expanded collaboration aimed at making enterprise AI agents governable rather than merely capable. SAP is embedding NVIDIA's OpenShell runtime into its Business AI Platform as the security layer for all SAP AI agents, including custom ones built in Joule Studio. NVIDIA's NemoClaw, an open source reference blueprint for building autonomous agents, will be available directly in Joule Studio. The effect, if it works as described, is that teams building agents on SAP's platform get a governed starting point rather than a blank canvas with sharp edges.

The announcement matters less for what it introduces than for what it addresses.

Can it? Should it?

There's a phrase in NVIDIA's announcement that I keep turning over: "NVIDIA OpenShell asks: Can this agent action safely execute? Joule Studio runtime asks: Should this action happen at all? Together, they close a gap that application-layer security alone cannot."

That distinction between can and should is most of the governance problem in a sentence. Can is an engineering question. Should is a business process question. Most enterprise AI deployments that have gone sideways didn't go sideways because the model hallucinated something catastrophic. They went sideways because the execution environment didn't understand that a particular action required a particular authorisation that wasn't in the model's context. The agent optimised for its local objective. The rest of the organisation discovered the consequences later.

Getting AI to be good at a task is, relatively speaking, the easy part. Getting it to know what it's allowed to do, in this organisation, with this data, subject to these policies: that's the hard part.

Salesforce put it in almost identical terms in their own analysis of enterprise agentic infrastructure, published around the same time: "An agent without a robust-enough harness might optimize locally but create chaos collectively." Different vendor, same observed problem. Somewhat reassuring that the industry is converging on an honest diagnosis, even if the solutions are still early.

Autonomous agents change the trust equation materially. An agent that can touch systems of record, cross application boundaries, and execute without a human reviewing each step needs to understand roles, permissions, process controls, and data boundaries. It needs an audit trail. It needs to know when it doesn't have authority, and stop.

Christian Klein's press release quote captures the bar being set: "For the mission-critical processes of our customers, 'almost right' just isn't good enough."

What OpenShell actually does

OpenShell is an open source runtime that provides isolated execution environments, policy enforcement at the filesystem and network layers, and infrastructure-level containment when something goes wrong. Under the hood it uses kernel-level mechanisms (Landlock, seccomp, and network namespacing on Linux) to constrain what an agent can see and reach. Think of it like a contractor with a managed access pass and a defined scope of work, rather than an employee with the run of the office.

If you want a simpler metaphor, the product names supply one: OpenShell is the hard outer casing, the exoskeleton that limits what an agent can touch. OpenClaw (the autonomous agent stack that runs inside it) is what reaches out and grabs things. Together they're closer to a very well-governed crustacean than to HAL 9000: constrained in what it can reach, audited in what it clutches.

SAP engineers are co-developing OpenShell alongside NVIDIA's team, contributing runtime hardening, policy modelling, enterprise identity integration, and auditing hooks back to the open source project. It's a genuine co-development rather than a licensing arrangement. Both companies have operational reasons to care: NVIDIA itself runs its own finance, supply chain, and logistics on SAP, giving it first-hand context for what enterprise governance requires in practice. When the team building the security runtime is also a production user of the platform being secured, you get a different quality of attention to the edge cases.

NemoClaw is the reference stack for deploying OpenClaw, an autonomous AI agent, inside OpenShell with managed inference. The GitHub repository had passed 20,500 stars by the time of the Sapphire announcement. Its arrival in Joule Studio means SAP developers get a governed blueprint as their starting point rather than having to engineer their own security scaffolding from scratch. Which, in enterprise software delivery terms, is the difference between shipping in twelve weeks and shipping in eighteen months.

Jensen Huang's framing of AI as a five-layer stack (energy, chips, infrastructure, models, applications) positions SAP as the applications layer where economic value is actually created.

The model is not the product. The application is the product. And for enterprise commerce, the application is only as useful as its governance.

The commerce implications

For retailers and CPG brands running SAP, the practical scope of what this enables is now more concrete.

SAP's Autonomous Enterprise vision, launched at Sapphire in the same week, includes more than 60 purpose-built agents across supply chain processes: manufacturing, logistics, asset operations. The framing is that they're designed to "sense events, analyse impact, and take guided action within defined business guardrails" while keeping people in control when the decision warrants it. General availability is being phased through 2026.

On the procurement side, SAP announced four new Joule Assistants: a Category Management Assistant that analyses spend patterns and builds category strategies; a Sourcing Assistant that manages the full RFP-to-negotiation lifecycle; a Supplier Management Assistant for continuous risk monitoring across the supply base; and a Contract Assistant for authoring, renewals, and connecting supplier selection through to contract.

"Sourcing Assistant" is the one to keep an eye on for fashion procurement specifically — that's an agent that can run a denim mill RFP through to a counter-signed contract, with the relevant terms pulled from the supplier risk feed and a finance approval looped in at the threshold the policy file says it should be. The agent isn't answering a question about that workflow; it's running it.

SAP's framing for this is "from AI in applications to AI on applications." It's a meaningful distinction: instead of bolting features onto products, you have intelligence that operates across the estate, touching multiple systems without living exclusively inside any one of them. The execution complexity of coordinating agents across a large, hybrid SAP estate is real; enterprise software takes time, and anyone who's lived through a major SAP implementation knows it. But the architectural direction is clear, the partner commitment is substantial, and the use-cases are concrete enough to plan around now rather than waiting for a future-state slide deck to become a project.

The best real-world illustration from Sapphire came not from a retailer but from Aeropuertos Argentina, which manages 90% of Argentina's commercial flights. They built an AI agent called SNOW (Smart Network for Operative Winter) on SAP's Business Technology Platform to coordinate weather data, runway sensors, maintenance processes, and operational procedures. Twelve weeks from idea to production. Expected 16% cost reduction. Their CIO described the outcome as moving "from a reactive to a proactive model." Not retail, but the deployment shape (coordinated autonomous action across multiple data sources, within a defined operational scope) is exactly what supply chain and procurement would look like.

For UK retailers

If you're working in technology at a major UK retailer that runs SAP, the relevant question right now is probably not "should we build AI agents on this platform (or emerging simlar platforms)?" The direction of travel is clear enough that that's practically settled. The more useful question is whether your internal governance thinking has caught up with what you'd actually be deploying.

The collaboration with NVIDIA addresses the technical governance layer. OpenShell constrains what an agent can execute. Joule Studio constrains what it's authorised to do. The organisational questions are still internal work: who in finance can countersign a PO above £50k, what the audit trail looks like when the buyer is an agent rather than a person, which conversations a category manager needs to be looped into and which ones the agent can close on its own. Neither technology replaces the judgement calls about where the lines sit. Those land on a CIO's desk, not in a configuration file.

It's worth being honest and re-iterating that this is still very early. No named UK retailer has publicly announced a deployment on this specific infrastructure. The collaboration was announced early May 2026 and full availability is still being phased through the year. The Argentina airports case is the closest we have to evidence of the deployment shape, in a different sector and a different country. Extrapolating from it to an autonomous replenishment agent for a major UK grocer is a reasonable inference, not a proven roadmap.

But the last two years of enterprise AI investment have built substantial demand-side capability in UK retail: forecasting models, personalisation engines, search. What's been slower is the procurement-side integration. The tariff disruptions of 2025-26 made that gap visible. The SAP agent tooling is a direct answer to that half of the problem. The payments infrastructure layer received similar treatment in 2025, with consumer-side trust still catching up. What's emerging is a full agentic commerce stack, being built from multiple directions simultaneously.

SAP's Autonomous Enterprise launch came with a €100 million partner fund and partnerships spanning Anthropic, AWS, Google Cloud, Microsoft, NVIDIA, and Palantir. Platform plays succeed when the ecosystem commits. NVIDIA's own survey of retail and CPG professionals found 89% already adopting or piloting AI, 97% planning to increase spending. Vendor figures, so discount accordingly; but consistent with the mood you'd encounter talking to anyone in enterprise commerce technology right now.


What has changed at Sapphire is that enterprise AI agents now have somewhere to live in the platform most large commerce operations already run on. The governance question has an engineering answer. And the things people have been theorising about for two years are now buildable things, not future-state slides — procurement that actually closes the loop without a buyer chasing the same supplier three times before lunch, supply chains that move on a tariff change overnight rather than waiting for someone in planning to open their laptop Monday morning.

I think many organisational questions remain and continue to emerge regarding the agent/human relationship, the division of accountability and labour, and who's pulling the agentic levers and puppet strings. Those are worth answering soon, before your agents have the company credit card.

Tags

agentic-commercesupply-chaingenerative-aiuk-retailstrategy

Stay Connected

Follow LLCommerce on LinkedIn

Get the latest AI commerce insights, analysis, and industry news delivered to your feed.

Large Language Commerce
Follow on LinkedIn

About the Author

Simon Seddon
Simon Seddon

Technology Specialist

Simon writes about retail technology and accessible e-commerce from twenty-plus years inside it. He is a tech lead within a UK fashion retailer, practitioner, and an AI evangelist.

Related

I/O 2026 and What Google Wants the Cart to Become

23 May 2026

Inside the Autonomous Warehouse

8 May 2026

The UCP Tech Council Just Got Serious

27 April 2026

AI in Physical Retail: What's Actually Working in 2026

16 March 2026

Alibaba's Accio Work Is Worth a Proper Look

2 March 2026

Follow Us

Get insights in your feed

FollowLarge Language Commerce