NVIDIA Ships NemoClaw to Lock Down OpenClaw After Critical Vulnerabilities
NVIDIA has released NemoClaw, an open-source security stack for the OpenClaw multi-agent AI platform, addressing a wave of critical vulnerabilities that exposed thousands of internet-connected instances to remote code execution attacks. The announcement came at GTC 2026 in San Jose, where CEO Jensen Huang called OpenClaw "revolutionary" and urged every company to adopt an OpenClaw strategy.
The Security Problem NVIDIA Is Solving
OpenClaw, originally known as Clawdbot or Moltbot, gained massive traction with over 180,000 GitHub stars as an open-source platform enabling autonomous AI agents to control files, terminals, browsers, and messaging apps. But its rapid adoption outpaced security. Researchers documented multiple severe vulnerabilities:
- CVE-2026-25253: A one-click remote code execution flaw via WebSocket hijacking, rated 8.8 on the CVSS severity scale
- CVE-2026-24763: Command injection allowing remote execution
- CVE-2026-26322: Server-side request forgery for internal system access
- CVE-2026-30741: Prompt injection leading to code execution
By February 2026, scans reported between 40,000 and 135,000 internet-exposed OpenClaw instances, with 35-63% of them vulnerable to remote code execution depending on the scan. Many leaked API keys, credentials, and chat histories. The ClawHub plugin marketplace was found to contain anywhere from 341 to more than 900 malicious or flawed "skills," including the "ClawHavoc" campaign that stole user credentials.
What NemoClaw Actually Does
NemoClaw wraps OpenClaw with the new OpenShell runtime, providing enterprise-grade security through three core mechanisms:
Isolated Sandboxes: Each agent runs in a process-level sandbox confined to the resources it has been granted, so an agent compromised through a flaw like the RCE bugs above cannot reach beyond those boundaries. This contains the impact of such flaws rather than patching them, so the underlying OpenClaw fixes still matter.
Policy-Based Enforcement: YAML-defined policies control file access, network connections, tool calls, and data handling with deny-by-default permissions: anything the policy does not explicitly allow is refused. Policies can be scoped per endpoint and updated live without modifying agent code.
Privacy Protections: Prompts sent to cloud services are anonymized so sensitive data stays local, and credentials are injected at runtime as environment variables rather than stored inside the sandbox.
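To make the deny-by-default model concrete, here is an added illustration of how such a policy check can work. It is not NemoClaw or OpenShell code: the policy schema (allow lists keyed by category and operation, plus the list of secret names the sandbox may receive), the action format and the sample policy are assumptions made for this example. The point it shows is that every decision falls through to "deny" unless an explicit entry matches, and that targets are canonicalised before matching so a path-traversal string cannot ride a permitted prefix.

```python
import fnmatch
import posixpath
from typing import Dict, Tuple

# Constructed sample policy (hypothetical schema, not NemoClaw's YAML format).
# Only what is listed here is permitted; everything else is denied.
POLICY = {
    "files": {
        "read": ["/workspace/**", "/etc/hostname"],
        "write": ["/workspace/out/**"],
    },
    "network": {"connect": ["api.example.com:443"]},
    "tools": {"call": ["read_file", "web_search"]},
    "secrets": ["OPENAI_API_KEY"],   # names the sandbox may receive at launch
}


def _normalize(kind: str, value: str) -> str:
    """Canonicalise before matching. For files, resolve '.' and '..' so that
    '/workspace/../etc/passwd' is compared as '/etc/passwd'; for everything
    else, trim and lower-case so host names compare case-insensitively."""
    if kind == "files":
        return posixpath.normpath(value)
    return value.strip().lower()


def _matches(pattern: str, target: str) -> bool:
    """Match one allow-list entry. '/dir/**' covers the directory and anything
    under it; any other entry is an ordinary shell-style glob."""
    if pattern.endswith("/**"):
        base = pattern[:-3]
        return target == base or target.startswith(base + "/")
    return fnmatch.fnmatchcase(target, pattern)


def decide(policy: Dict, kind: str, op: str, target: str) -> Tuple[bool, str]:
    """Deny-by-default decision for one agent action.

    The action is allowed only if the policy has a section for its category,
    that section lists the operation, and one allow entry matches the
    canonicalised target. Every other path returns (False, reason).
    """
    ops = policy.get(kind)
    if not isinstance(ops, dict):
        return False, f"deny: no policy section for {kind}"
    allowed = ops.get(op)
    if not allowed:
        return False, f"deny: {kind}.{op} is not a permitted operation"
    canon = _normalize(kind, target)
    for pattern in allowed:
        if _matches(_normalize(kind, pattern), canon):
            return True, f"allow: {kind}.{op} {canon} matched {pattern}"
    return False, f"deny: {kind}.{op} {canon} matched no allow entry"


def sandbox_env(policy: Dict, secrets: Dict[str, str]) -> Dict[str, str]:
    """Build the environment handed to the sandboxed agent at launch: only the
    secrets the policy names are injected, and nothing is written into the
    sandbox filesystem. Secrets the policy does not mention never reach it."""
    return {name: secrets[name] for name in policy.get("secrets", []) if name in secrets}


if __name__ == "__main__":
    # Constructed sample actions an agent might attempt.
    actions = [
        ("files", "read", "/workspace/notes.md"),
        ("files", "read", "/workspace/../etc/passwd"),   # traversal attempt
        ("files", "write", "/workspace/notes.md"),       # outside the writable area
        ("network", "connect", "API.example.com:443"),
        ("network", "connect", "api.example.com:80"),    # wrong port
        ("tools", "call", "shell_exec"),                 # tool not on the allow list
        ("process", "spawn", "/bin/sh"),                 # category the policy never mentions
    ]
    for kind, op, target in actions:
        ok, why = decide(POLICY, kind, op, target)
        print(f"{'ALLOW' if ok else 'DENY '} {kind}.{op} {target!r}  ({why})")
    print("sandbox env:", sandbox_env(POLICY, {"OPENAI_API_KEY": "sk-test", "AWS_SECRET": "x"}))
```

Because `decide` takes the policy as a parameter rather than reading a global, a supervisor can reload the YAML and hand the new dictionary to the next call, which is the property the page describes as updating policies live without touching agent code. The traversal case is the one to watch in any real implementation: an allow list keyed on a path prefix is only as strong as the canonicalisation that runs before the comparison.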
Hardware Pairing and Enterprise Availability
NemoClaw installs via a single command, pulling the OpenShell runtime and Nemotron models from NVIDIA's Agent Toolkit. It runs on GeForce RTX PCs, DGX Spark ($3,999, available now through ASUS and Dell), and DGX Station for larger deployments. The DGX Spark serves as what NVIDIA calls a "desktop data center" for building and validating agents before cloud deployment.
The stack remains early-stage—alpha-like, according to documentation—but signals NVIDIA's commitment to securing the multi-agent workflow trend that dominated enterprise AI adoption in early 2026. Gartner predicted 40% of enterprise applications would incorporate task-specific AI agents by year's end, with multi-agent orchestration becoming standard for complex workflows.
Cisco partnered with NVIDIA on AI Defense integration for extended verification and boundary enforcement. The NemoClaw release includes "build-a-claw" sessions at GTC and beta resources for developers ready to deploy autonomous agents in production environments.