NVIDIA OpenShell v0.0.37 Adds Pluggable Drivers and Enterprise Security for AI Agents

May 11, 2026

NVIDIA released OpenShell v0.0.37, a major breaking update to its secure runtime for autonomous AI agents. The release introduces pluggable compute drivers for running isolated sandboxes (secure environments for code execution) across Docker, Podman, and Kubernetes. This follows the OpenShell security runtime launch and adds OIDC and RBAC gateway authentication.

This update transitions the project from a research preview into production-ready infrastructure. By supporting Kubernetes user namespaces and providing a Helm chart, NVIDIA is aligning agent security with standard DevOps workflows. This fills a gap for organizations using the NVIDIA Agent Toolkit while maintaining isolation from sensitive host systems.

Install the update via new Debian, RPM, or Homebrew packages, though existing users must recreate gateways for a new entity schema. The release also includes GraphQL L7 policy inspection to manage agent tool access. OpenShell remains open-source and is a core component of the NVIDIA agentic stack.

View the full update on github.com

NVIDIA AI

@NVIDIAAIMay 11

OpenShell v0.0.37 🧩 pluggable compute drivers: Docker, Podman, Kubernetes, MicroVM 🔒 OIDC + RBAC gateway auth ☸️ Helm chart + Kubernetes user namespaces 📦 Debian, RPM, and Homebrew packages breaking: recreate the gateway before upgrading. https://t.co/nBEgAWMLLI

View on X

Still wondering? A few quick answers below.

NVIDIA OpenShell is a secure, private runtime environment designed for autonomous AI agents. It provides isolated sandboxes where agents can execute code and use tools without compromising the host system. The platform uses kernel-level isolation and declarative policies to ensure that agentic workflows remain safe and private for enterprise deployments.

OpenShell v0.0.37 introduces pluggable compute drivers that allow users to run agent sandboxes across multiple platforms. Supported drivers now include Docker, Podman, and Kubernetes. This release also adds experimental support for MicroVM-backed sandboxes and QEMU virtual machines with GPU pass-through, enabling more flexible and secure infrastructure options for running autonomous agents.

Upgrading to v0.0.37 requires a full recreation of the gateway because it is a breaking release with a new entity model. Users must back up existing sandboxes, run the gateway destroy command using their current version, and then reinstall OpenShell using the new system package managers for Debian, RPM, or Homebrew.

Yes, NVIDIA OpenShell is an open-source project available on GitHub. It is designed to provide a transparent and verifiable security layer for AI agents. The project includes the core runtime, a gateway for managing policies and sessions, and various compute drivers that developers can use to build and secure their own agentic applications.

The v0.0.37 update adds several enterprise security enhancements, including OIDC and RBAC for gateway authentication. It also introduces GraphQL L7 policy inspection, which allows for deeper monitoring of agent network requests. Additionally, the release supports Kubernetes user namespaces to provide better isolation between the agent sandboxes and the underlying cluster infrastructure.