
NVIDIA Gets Its Claws In
NVIDIA and SAP's Sapphire collaboration gives enterprise AI agents what they've been missing: the governance infrastructure to actually act, not just advise.
The sci-fi version of AI going rogue tends to involve dramatic hardware. A spacecraft that locks you out of the airlock. An android that decides self-preservation trumps the mission. The actual risk with enterprise AI agents is considerably less cinematic. It's an automated system that raises a purchase order for the wrong amount, against a supplier whose contract has just been flagged for review, because the governance layer didn't know about the review. Nobody dies. Nobody learns an important lesson about human nature. But someone in procurement spends the next two weeks reversing it, and the CIO has a new item for the board's AI risk register.
This is the problem SAP and NVIDIA are trying to solve. Not the drama. The paperwork.
At SAP Sapphire in Orlando, where Jensen Huang joined Christian Klein's keynote by video link on 10 May, they announced an expanded collaboration aimed at making enterprise AI agents governable rather than merely capable. SAP is embedding NVIDIA's OpenShell runtime into its Business AI Platform as the security layer for all SAP AI agents, including custom ones built in Joule Studio. NVIDIA's NemoClaw, an open source reference blueprint for building autonomous agents, will be available directly in Joule Studio. The effect, if it works as described, is that teams building agents on SAP's platform get a governed starting point rather than a blank canvas with sharp edges.
The announcement matters less for what it introduces than for what it addresses.
Can it? Should it?
There's a phrase in NVIDIA's announcement that I keep turning over: "NVIDIA OpenShell asks: Can this agent action safely execute? Joule Studio runtime asks: Should this action happen at all? Together, they close a gap that application-layer security alone cannot."
That distinction between can and should is most of the governance problem in a sentence. Can is an engineering question. Should is a business process question. Most enterprise AI deployments that have gone sideways didn't go sideways because the model hallucinated something catastrophic. They went sideways because the execution environment didn't understand that a particular action required a particular authorisation that wasn't in the model's context. The agent optimised for its local objective. The rest of the organisation discovered the consequences later.
Salesforce put it in almost identical terms in their own analysis of enterprise agentic infrastructure, published around the same time: "An agent without a robust-enough harness might optimize locally but create chaos collectively." Different vendor, same observed problem. Somewhat reassuring that the industry is converging on an honest diagnosis, even if the solutions are still early.
Autonomous agents change the trust equation materially. An agent that can touch systems of record, cross application boundaries, and execute without a human reviewing each step needs to understand roles, permissions, process controls, and data boundaries. It needs an audit trail. It needs to know when it doesn't have authority, and stop.
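The "can" versus "should" split and the stop-and-audit requirement described above, as an added sketch. This is not OpenShell or Joule Studio code, and every host, role, limit and supplier ID in it is constructed. A runtime allow-list check runs first, a business-authority check second, and each decision lands in a hash-chained audit log.

```python
import hashlib
import json
from dataclasses import dataclass, field
# Constructed policy data: hosts, roles, limits and supplier IDs are illustrative.
ALLOWED_HOSTS = {"erp.internal.example"}        # "can": runtime egress allow-list
APPROVAL_LIMIT = {"procurement-agent": 10_000}  # "should": spend authority per role
SUPPLIERS_UNDER_REVIEW = {"SUP-042"}            # "should": live contract status

@dataclass
class Action:
    agent_role: str
    target_host: str
    supplier_id: str
    amount: float

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)
    head: str = "0" * 64
    def record(self, action, decision, reason):  # entry commits to previous digest
        body = json.dumps({"action": vars(action), "decision": decision,
                           "reason": reason, "prev": self.head}, sort_keys=True)
        self.head = hashlib.sha256(body.encode()).hexdigest()
        self.entries.append((body, self.head))
    def verify(self):  # False if any entry was edited or reordered
        prev = "0" * 64
        for body, digest in self.entries:
            ok = hashlib.sha256(body.encode()).hexdigest() == digest
            if not ok or json.loads(body)["prev"] != prev:
                return False
            prev = digest
        return True

def should_execute(action):  # business check; fails closed without authority
    limit = APPROVAL_LIMIT.get(action.agent_role)
    if limit is None:
        return False, "no authority defined for role"
    if action.supplier_id in SUPPLIERS_UNDER_REVIEW:
        return False, "supplier contract under review"
    if action.amount > limit:
        return False, "amount exceeds role limit"
    return True, "within authority"

def gate(action, log):  # runtime check first, business check second, always log
    ok, reason = False, "target outside runtime allow-list"
    if action.target_host in ALLOWED_HOSTS:
        ok, reason = should_execute(action)
    decision = "allow" if ok else "deny"
    log.record(action, decision, reason)
    return decision, reason
```

The purchase order from the opening scenario is the `SUP-042` case: the runtime would let the call through, and only the business check, fed with current contract status, stops it.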
Christian Klein's press release quote captures the bar being set: "For the mission-critical processes of our customers, 'almost right' just isn't good enough."
What OpenShell actually does
OpenShell is an open source runtime that provides isolated execution environments, policy enforcement at the filesystem and network layers, and infrastructure-level containment when something goes wrong. Under the hood it uses kernel-level mechanisms (Landlock, seccomp, and network namespacing on Linux) to constrain what an agent can see and reach. Less like trusting an employee with full office access; more like a contractor with a managed access pass and a defined scope of work.
If you want a simpler metaphor, the product names supply one: OpenShell is the hard outer casing, the exoskeleton that limits what an agent can touch. OpenClaw (the autonomous agent stack that runs inside it) is what reaches out and grabs things. Together they're less HAL 9000 and more a very well-governed crustacean: constrained in what it can reach, audited in what it clutches.
SAP engineers are co-developing OpenShell alongside NVIDIA's team, contributing runtime hardening, policy modelling, enterprise identity integration, and auditing hooks back to the open source project. This isn't just licensing an NVIDIA product. It's a genuine co-development. Both companies have operational reasons to care: NVIDIA itself runs its own finance, supply chain, and logistics on SAP, giving it first-hand context for what enterprise governance requires in practice. When the team building the security runtime is also a production user of the platform being secured, you get a different quality of attention to the edge cases.
NemoClaw is the reference stack for deploying OpenClaw, an autonomous AI agent, inside OpenShell with managed inference. The GitHub repository had passed 20,500 stars by the time of the Sapphire announcement. Its arrival in Joule Studio means SAP developers get a governed blueprint as their starting point rather than having to engineer their own security scaffolding from scratch. Which, in enterprise software delivery terms, is the difference between shipping in twelve weeks and shipping in eighteen months.
Jensen Huang's framing of AI as a five-layer stack (energy, chips, infrastructure, models, applications) positions SAP as the applications layer where economic value is actually created.
The commerce implications
For retailers and CPG brands running SAP, the practical scope of what this enables is now more concrete.
SAP's Autonomous Enterprise vision, launched at Sapphire in the same week, includes more than 60 purpose-built agents across supply chain processes: manufacturing, logistics, asset operations. The framing is that they're designed to "sense events, analyse impact, and take guided action within defined business guardrails" while keeping people in control when the decision warrants it. General availability is being phased through 2026.
On the procurement side, SAP announced four new Joule Assistants: a Category Management Assistant that analyses spend patterns and builds category strategies; a Sourcing Assistant that manages the full RFP-to-negotiation lifecycle; a Supplier Management Assistant for continuous risk monitoring across the supply base; and a Contract Assistant for authoring, renewals, and connecting supplier selection through to contract.
These are not chatbots that answer questions about procurement. They are agents designed to take actions in procurement workflows.
SAP's framing for this is "from AI in applications to AI on applications." It's a meaningful distinction. The old model is a feature added to a product. The new model is intelligence that operates across the landscape, touching multiple systems without living exclusively inside any one of them. The execution complexity of coordinating agents across a large, hybrid SAP estate is real; enterprise software takes time, and anyone who's lived through a major SAP implementation knows it. But the architectural direction is clear, the ecosystem commitment is substantial, and the use-cases are concrete enough to plan around now rather than waiting for a future-state slide deck to become a project.
The best real-world illustration from Sapphire came not from a retailer but from Aeropuertos Argentina, which manages 90% of Argentina's commercial flights. They built an AI agent called SNOW (Smart Network for Operative Winter) on SAP's Business Technology Platform to coordinate weather data, runway sensors, maintenance processes, and operational procedures. Twelve weeks from idea to production. Expected 16% cost reduction. Their CIO described the outcome as moving "from a reactive to a proactive model." Not retail, but the deployment shape (coordinated autonomous action across multiple data sources, within a defined operational scope) is exactly what supply chain and procurement would look like.
For UK retailers
If you're working in technology at a major UK retailer that runs SAP, the relevant question right now is probably not "should we build AI agents on this platform?" The direction of travel is clear enough that that's almost settled. The more useful question is whether your internal governance thinking has caught up with what you'd actually be deploying.
The collaboration with NVIDIA addresses the technical governance layer. OpenShell constrains what an agent can execute. Joule Studio constrains what it's authorised to do. The organisational questions (who authorises what, what decisions require human sign-off, what the audit trail looks like for an AI-generated purchase order) are still internal work. Neither technology replaces the judgement calls about where the lines sit.
It's worth being honest that this is still early. No named UK retailer has publicly announced a deployment on this specific infrastructure. The collaboration was announced on 10 May 2026 and full availability is still being phased through the year. The Argentina airports case is the closest we have to evidence of the deployment shape, in a different sector and a different country. Extrapolating from it to an autonomous replenishment agent for a major UK grocer is a reasonable inference, not a proven roadmap.
But the last two years of enterprise AI investment have built substantial demand-side capability in UK retail: forecasting models, personalisation engines, search. What's been slower is the procurement-side integration. The tariff disruptions of 2025-26 made that gap visible. The SAP agent tooling is a direct answer to that half of the problem. The payments infrastructure layer received similar treatment in 2025, with consumer-side trust still catching up. What's emerging is a full agentic commerce stack, being built from multiple directions simultaneously.
SAP's Autonomous Enterprise launch came with a €100 million partner fund and partnerships spanning Anthropic, AWS, Google Cloud, Microsoft, NVIDIA, and Palantir. Platform plays succeed when the ecosystem commits. NVIDIA's own survey of retail and CPG professionals found 89% already adopting or piloting AI, 97% planning to increase spending. Vendor figures, so discount accordingly; but consistent with the mood you'd encounter talking to anyone in enterprise commerce technology right now.
What has changed at Sapphire is that enterprise AI agents now have somewhere to live in the platform most large commerce operations already run on. The governance question has an engineering answer. And the things people have been theorising about for two years are now buildable things, not future-state slides. Procurement that actually closes the loop without a human chasing every purchase order. Supply chains that sense disruption and act before a planner even opens their laptop.
The organisational questions about where the lines sit still need human answers. Worth working those out now, before your agents have the company credit card.
About the Author

E-commerce Technical Specialist
Simon specialises in retail technology and accessible e-commerce, with a particular interest in inclusive digital experiences. E-commerce Technical Specialist, practitioner, and self-confessed AI evangelist.