AI agents are no longer confined to demos and copilots. They are beginning to act inside real enterprise systems: executing tasks, invoking tools, and operating continuously across business processes.
For SAP customers, this shift promises step-change productivity. But it also raises a hard requirement: Enterprise AI agents must be safe, governable, and auditable by design.
This is the context for SAP’s deep technical collaboration on SAP Business AI Platform with NVIDIA OpenShell, an open source secure runtime for autonomous AI agents. This collaboration is not about SAP “adopting” a runtime. It is about SAP actively shaping, hardening, and productizing the execution layer for enterprise agentic AI—together with NVIDIA.
Why this matters to SAP customers
For SAP customers, the value of this collaboration is concrete and practical. It enables:
- AI agents that operate inside SAP processes without bypassing governance
- Security models aligned with enterprise IAM and compliance frameworks
- Clear audit trails for agent actions across systems
- Confidence to move from pilots to production
Most importantly, it avoids a false choice between innovation and control. Customers do not have to bolt security on later, or redesign their risk models to accommodate AI agents. Instead, security and governance are built into the execution model from the start.
The real enterprise challenge: Trusting agents that act
When AI systems move from generating responses to executing actions, the risk profile fundamentally changes. Agentic systems can touch systems of record, cross application and data boundaries, and operate without human review at every step.
In all enterprise environments, especially regulated ones, this makes execution safety and governance the defining challenge. Traditional chatbot-era controls are insufficient once agents can access shells, files, networks, credentials, and APIs.
SAP customers know this reality well. Business AI is only valuable if it can be:
- Inspected and audited
- Constrained by policy
- Trusted by security and compliance teams
Solving this problem requires more than infrastructure primitives or application-level rules alone.
NVIDIA OpenShell: The foundation
NVIDIA OpenShell addresses a critical layer of the problem: secure, sandboxed execution of autonomous agents.
As an open source runtime, OpenShell introduces strong capabilities, including:
- Isolated execution environments
- Policy enforcement for filesystem and network access
- Runtime-level containment that limits blast radius even when agent logic fails
These capabilities form a foundational layer for autonomous agents to execute safely. In practice, enterprises need that execution layer aligned with business context and governance.
Enterprises expect clarity on questions such as:
- Which business role authorizes an action?
- Which process context applies?
- How actions map to enterprise policies and audit trails?
This is where SAP’s contribution becomes decisive.
What SAP brings: Enterprise semantics, governance, and scale
SAP is co-developing and contributing to OpenShell based on enterprise reality.
1. Enterprise-driven runtime requirements
SAP operates at a level of scale and responsibility that few software providers do: mission-critical processes, regulated industries, and millions of transactions per hour.
By bringing real SAP agentic workloads into the collaboration, SAP provides the operational proving ground that OpenShell needs to mature from a powerful runtime into an enterprise-hardened one.
This includes shaping requirements around:
- Isolation boundaries that match enterprise risk models
- Policy enforcement aligned with real business constraints
- Auditability that stands up to customer and regulatory scrutiny
2. Co-development of OpenShell capabilities
SAP is committing engineering capacity to the OpenShell open-source code base, with a focus on areas that matter specifically to enterprises: runtime hardening, policy modeling, enterprise identity integration, and auditing and governance hooks.
SAP is helping define how secure agent execution must work for enterprises; not just theoretically, but in production.
3. Joule Studio runtime: From runtime safety to enterprise control
Where OpenShell secures execution, Joule Studio runtime provides the enterprise harness that makes agents usable and governable in business systems:
- Business-aware policy semantics like roles, skills, life cycle
- Enterprise identity and access control
- Observability and auditability across agent behavior
- Deployment and operational governance across landscapes
This ensures that agent autonomy is always framed by business intent and accountability, not just technical permissions.
OpenShell answers: “Can this action safely execute?”; Joule Studio runtime answers: “Should this action happen at all?”
Raising the bar for enterprise agentic AI
This collaboration represents more than an integration. It reflects a shared intent to define what “enterprise-grade” actually means for autonomous AI systems.
By combining NVIDIA’s runtime and security innovation and SAP’s enterprise productization, governance expertise, and operational scale, SAP and NVIDIA are working toward an integrated solution for trusted agent execution—one that enterprises can inspect, govern, and rely on.
For SAP customers, this means AI agents that are not just powerful, but designed to earn trust in the environments where trust matters most.
Andre Lamego is senior vice president and chief product officer of SAP BTP Fabric
