HeadsUpAI

NVIDIA Hardens OpenShell Agent Runtime With OIDC and DNS Exfiltration Blocks

NVIDIA released OpenShell v0.0.43, a major update to its open-source secure runtime for autonomous AI agents. This version introduces bidirectional TTY streaming for interactive sessions and adds OpenID Connect support to the terminal interface. It follows the recent addition of agent-driven policy management to the platform.

Authentication: OIDC, mTLS, and HTTPS
Configuration format: TOML (RFC 0003)
Sandbox storage: ext4 root disks
Security hardening: DNS-based exfiltration blocking
Interactive support: Bidirectional TTY streaming

As organizations move toward production-grade agentic engineering, security remains the primary hurdle for autonomous systems. By decoupling HTTPS from mTLS and removing DNS resolution from the sandbox mapper, NVIDIA is addressing specific exfiltration risks. These changes ensure that even if an agent is compromised, it cannot easily leak sensitive data through unauthorized network lookups.

You can now boot sandboxes from ext4 root disks and manage gateway settings via a new TOML-based configuration format. The update also restores sandboxes automatically after a gateway restart, improving reliability for long-running tasks. OpenShell v0.0.43 is available now on GitHub for developers building isolated enterprise agent environments.

NVIDIA AI (@NVIDIAAI) on X:

OpenShell v0.0.43 🛠️ bidirectional TTY streaming 🔒 OIDC auth in the TUI 🧩 HTTPS and mTLS decoupled 📦 TOML gateway config (RFC 0003) 🖥️ sandboxes boot from ext4 disks 🛡️ DNS removed from sandbox mapper to block exfiltration Authentication, streaming, and sandbox isolation improvements. https://t.co/vtEWZ79Cwi


Still wondering? A few quick answers below.

OpenShell is an open-source, secure runtime environment designed specifically for autonomous AI agents. It provides isolated sandboxes that allow agents to execute code and perform multi-step tasks without compromising the host system. By using kernel-level isolation and strict policies, it ensures that agent actions remain private and secure in enterprise settings.

The v0.0.43 update hardens sandbox security by removing DNS resolution from the sandbox mapper. This prevents AI agents from using DNS lookups as a covert channel to leak sensitive data from the isolated environment to external servers. This change is a critical security measure for keeping data confidential in production agentic pipelines.
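Where a sandbox's egress path still permits name resolution, the covert channel described above shows up in resolver logs as many distinct, long, random-looking names under one parent domain. The detection sketch below is an added example, not OpenShell code; the log format, sandbox ids, domain names, and thresholds are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of (sandbox id, queried name) pairs; not real traffic.
SAMPLE_QUERIES = [
    ("sbx-1", "api.github.com"),
    ("sbx-1", "files.pythonhosted.org"),
    ("sbx-1", "release-artifacts-eu.storage.example"),
    ("sbx-2", "k7q2m9x4v1c8z3b6.collector.example"),
    ("sbx-2", "p3w8n5t0r2y6j1h4.collector.example"),
    ("sbx-2", "d9f4g7s2a5l0e8u3.collector.example"),
    ("sbx-2", "b1v6c3x8z5m2q7k0.collector.example"),
    ("sbx-2", "t4y9r2e7w0u5i3o8.collector.example"),
]

def shannon_entropy(text):
    """Bits per character; encoded data scores higher than typical hostnames."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def split_name(name, depth=2):
    """Return (subdomain, parent). Assumption: the last `depth` labels
    approximate the registered domain; use the Public Suffix List in production."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[:-depth]), ".".join(labels[-depth:])

def flag_exfil_candidates(queries, min_unique=4, min_len=16, min_entropy=3.0):
    """Flag (sandbox, parent) pairs that receive many distinct long, high-entropy names."""
    seen = defaultdict(set)
    for sandbox, name in queries:
        sub, parent = split_name(name)
        if sub:
            seen[(sandbox, parent)].add(sub)
    findings = []
    for (sandbox, parent), subs in sorted(seen.items()):
        payload = [s.replace(".", "") for s in subs]
        suspicious = [p for p in payload
                      if len(p) >= min_len and shannon_entropy(p) >= min_entropy]
        # One long label alone is common (CDNs, buckets); volume is the signal.
        if len(suspicious) >= min_unique:
            findings.append({"sandbox": sandbox, "parent": parent,
                             "unique_names": len(suspicious),
                             "encoded_chars": sum(map(len, suspicious))})
    return findings

if __name__ == "__main__":
    for finding in flag_exfil_candidates(SAMPLE_QUERIES):
        print(finding)
```

The single long label queried by sbx-1 is not flagged, because the check requires several distinct names under the same parent before reporting.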

Bidirectional TTY streaming enables interactive terminal sessions within the OpenShell sandbox. This means an AI agent can now handle programs that require real-time terminal input and output, such as interactive command-line tools. Previously, agents were limited to non-interactive processes, which restricted certain types of autonomous workflows.

OpenID Connect is now integrated into the OpenShell terminal user interface. This allows organizations to authenticate users and agents against existing identity providers, such as enterprise SSO systems. OIDC support enables centralized access control and audit logging for all agent sessions, meeting compliance requirements for enterprise deployments.

In v0.0.43, HTTPS and mTLS have been decoupled into separate, independent security layers. Previously, they were configured together, which could cause issues for environments that only needed one or the other. Decoupling them provides more granular control over transport security, making OpenShell more flexible for diverse enterprise network topologies.
