
    Securing the Agentic Era: OpenClaw, NemoClaw, and the Governance Layer That's Still Missing

    NemoClaw secures the container. Reign governs the enterprise. Here's why you need both.

    Paul Goldman | CEO, iTmethods
    March 23, 2026 | 14 min read

    Part of the “Securing the Agentic Era: The New Stack” series

    Part 1: The AI-Native Stack
    Part 2: Why 80% Are Stuck
    Part 3: Regulated Industries
    This Article: OpenClaw, NemoClaw & the Governance Gap

    Jensen Huang just called OpenClaw “the next Linux.” He’s right — and that’s exactly the problem.

    Last week, Jensen Huang stood in front of 30,000 people at GTC 2026 and made a declaration that should keep every CISO, CTO, and Chief AI Officer up at night.

    He’s right. OpenClaw is now the fastest-growing open-source project in human history, surpassing React’s 10-year GitHub record in ~60 days and now exceeding 250,000 stars. It’s an autonomous AI agent (powered by the open Model Context Protocol, or MCP) that can call large models, access tools and file systems, break down tasks, spawn sub-agents, and interact across systems. Huang positioned it as “the operating system for intelligent computers” — just as Windows ushered in the PC era, OpenClaw will usher in the era of personal agents.

    But here’s what Jensen said next that the industry hasn’t fully absorbed: “An agent with full OpenClaw capabilities can access employee records, supply chain data, and financial information, and send it outside the organization.”

    He said the quiet part out loud. And then he showed NVIDIA’s answer: NemoClaw.

    Key figures at a glance:
    250K+ GitHub stars (OpenClaw)
    8.8 CVSS score (critical RCE)
    824+ malicious skills in marketplace
    135K exposed instances on public internet
    87% of enterprises with untracked AI usage
    22% running OpenClaw without IT approval

    The OpenClaw Governance Challenge — By the Numbers

    Before we talk about solutions, let’s be precise about the problem. The numbers are staggering:

    CVE-2026-25253

    A critical remote code execution vulnerability, CVSS 8.8 (High), found in the core OpenClaw system itself. No plugins, no marketplace, no extensions required.

    824+ Malicious Skills

    Out of 10,700+ in the skills marketplace — roughly 20% of the entire ecosystem is compromised (per Bitdefender and Koi Security analyses; Bitdefender places the figure closer to 900).

    42,665 Exposed Instances

    Identified in an independent study, with 5,194 actively verified as vulnerable and 93.4% exhibiting authentication bypass conditions.

    135,000 Instances Exposed

    Via default binding to 0.0.0.0:18789 — listening on all network interfaces, including the public internet (Bitdefender scan).

    22% Shadow AI Adoption

    Of monitored organizations have employees running OpenClaw without IT approval — shadow AI that traditional security controls cannot address. And 87% of enterprises already have untracked AI usage across their organizations.

    And it’s not just a Western problem. In March 2026, the Chinese government moved to restrict state agencies and state-owned enterprises from using OpenClaw, citing security concerns.

    This is not a theoretical risk assessment. This is an active, multi-vector security challenge affecting every enterprise that has developers with laptops.
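    Two of the figures above (instances bound to 0.0.0.0:18789, and instances running without IT knowing) are things a defender can check host by host. The following is an added example, not code from this article or from NVIDIA or iTmethods: it parses `ss -ltnp` output and reports every listener on the OpenClaw default port, flagging the ones bound to a wildcard address. The sample output, process names and pids are constructed.

```python
import re

# Constructed sample of `ss -ltnp` output (not captured from a real host). The
# article's default OpenClaw listener, 0.0.0.0:18789, appears alongside a
# loopback-only instance so both the exposed and the safe case are exercised.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=812,fd=6))
LISTEN 0      511    0.0.0.0:18789      0.0.0.0:*         users:(("node",pid=4412,fd=21))
LISTEN 0      511    [::]:18789         [::]:*            users:(("node",pid=4412,fd=22))
LISTEN 0      128    127.0.0.1:18789    0.0.0.0:*         users:(("node",pid=5120,fd=19))
"""

OPENCLAW_DEFAULT_PORT = 18789            # the port named in the article's exposure figures
WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}  # bindings that listen on every interface

ROW_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+(?P<rest>.*)$")
PROC_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')

def parse_listeners(ss_text):
    """Return one dict per LISTEN row: local addr, port, process name, pid."""
    rows = []
    for line in ss_text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header line or a row that is not a listening socket
        proc = PROC_RE.search(m.group("rest"))
        rows.append({
            "addr": m.group("addr").strip("[]"),   # "[::]" -> "::"
            "port": int(m.group("port")),
            "proc": proc.group("name") if proc else None,
            "pid": int(proc.group("pid")) if proc else None,
        })
    return rows

def openclaw_inventory(ss_text, port=OPENCLAW_DEFAULT_PORT):
    """Pids of every process listening on the OpenClaw port, loopback or not (the shadow-AI count)."""
    return sorted({r["pid"] for r in parse_listeners(ss_text) if r["port"] == port})

def exposed_listeners(ss_text, port=OPENCLAW_DEFAULT_PORT):
    """Listeners on the OpenClaw port bound to a wildcard address, i.e. reachable on every interface."""
    return [r for r in parse_listeners(ss_text)
            if r["port"] == port and r["addr"] in WILDCARD_ADDRS]

if __name__ == "__main__":
    print("instances on host:", openclaw_inventory(SAMPLE_SS_OUTPUT))
    for r in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED: {r['proc']} (pid {r['pid']}) bound to {r['addr']}:{r['port']}")
```

    On a real host, feed it the live output (`ss -ltnp` as root so process names are populated); a loopback-only instance still counts toward the inventory but is not reported as exposed.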


    What NemoClaw Actually Is (and Isn’t)

    Jensen’s response at GTC was NemoClaw — a reference design built on OpenClaw with three security layers:

    1. OpenShell Runtime Sandboxing

    Every agent runs inside an isolated sandbox (Docker container with configurable YAML policy controls). Administrators define which files an agent can access, which network connections it can make, and which cloud services it can call. The key architectural innovation is out-of-process policy enforcement: the guardrails do not live inside the same agent process they are meant to restrain.

    2. Privacy Router

    Keeps sensitive data on-device, only routing to external models (Claude, GPT, etc.) when policy permits. Decisions are driven by cost and privacy rules configured per organization.

    3. Network Guardrails

    Deny-by-default network policies with kernel-level sandboxing and granular constraints across filesystem, network, and processes. Agents can learn, install verified skills, and spawn sub-agents without running unreviewed code, while still proposing policy changes for approval.

    This is meaningful. NVIDIA building governance directly into the agent infrastructure stack tells you everything about where this market is heading. When the world’s most influential AI company validates that ungoverned agents are a serious enterprise risk, the debate is over.

    But NemoClaw is infrastructure-level security (currently in early preview and explicitly not production-ready). It is not enterprise-grade governance. And that distinction matters enormously for any organization operating at scale — especially in regulated industries.


    The Gap NemoClaw Doesn’t Close

    Here’s what NemoClaw explicitly does not cover, as confirmed by NVIDIA’s public reference architecture and early technical reviews:

    No API Gateway Layer

    NemoClaw does not include an API gateway in front of agent endpoints. There is no traffic-level inspection, no token rate limiting at the network layer before GPU cycles are consumed, and no verification that specific parameters in an MCP tool call conform to organizational security policy.

    No Cross-Vendor Agent Orchestration

    An agent working in Salesforce does not automatically collaborate with an agent in SAP. NemoClaw governs what happens inside the OpenClaw sandbox. It does not govern what happens across the enterprise agent ecosystem.

    No Regulator-Ready Evidence Engine

    Sandboxing and privacy routing generate logs. They do not generate compliance artifacts. DORA, the EU AI Act, FDA 21 CFR Part 11, HIPAA, CMMC 2.0 — these frameworks require pre-mapped, exportable evidence that maps directly to specific articles and requirements. NemoClaw does not produce it.

    No Multi-Agent System Governance

    The governance frameworks for multi-agent orchestration are nascent within NemoClaw. Large organizations with thousands of use cases need policy management tooling that goes far beyond YAML configurations per container.

    No Enterprise Cost Governance

    NemoClaw cannot enforce a token budget at the network layer. When agent token spend is allocated against regulated project budgets (clinical trials, defense programs, trading desks), this is not optional — it is an audit requirement.
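    The two gaps above, parameter-level checking of MCP tool calls before they reach a model and a token budget enforced in front of the model rather than inside the sandbox, can be sketched as one gateway check. This is an added example, not Reign's, NemoClaw's or the MCP project's own code; the policy schema, agent id, budget figures and the hypothetical tools `read_file` and `http_fetch` are constructed for illustration. The only real format it relies on is the MCP JSON-RPC `tools/call` message shape (`params.name`, `params.arguments`).

```python
import json
import os
import urllib.parse

# Constructed gateway policy (not any product's schema): tools not listed are denied
# outright, and each listed tool carries constraints on its arguments.
TOOL_POLICY = {
    "read_file": {"path_roots": ["/workspace"]},
    "http_fetch": {"allowed_hosts": ["api.internal.example"]},
}
# Per-agent token budget, debited before any model is called (constructed values).
TOKEN_BUDGET = {"agent-clinical-42": 10_000}

class PolicyViolation(Exception):
    """Raised when a tool call or a token charge breaks organizational policy."""

def _path_allowed(path, roots):
    # Normalise first so "/workspace/../etc/passwd" is judged as "/etc/passwd".
    norm = os.path.normpath(path)
    return any(norm == r or norm.startswith(r + "/") for r in roots)

def check_tool_call(raw):
    """Validate one MCP JSON-RPC tools/call message; return the tool name or raise."""
    msg = json.loads(raw)
    if msg.get("method") != "tools/call":
        raise PolicyViolation("only tools/call messages are inspected here")
    params = msg.get("params", {})
    name, args = params.get("name"), params.get("arguments", {})
    rule = TOOL_POLICY.get(name)
    if rule is None:
        raise PolicyViolation(f"tool {name!r} is not on the approved list")
    if "path_roots" in rule and not _path_allowed(args.get("path", ""), rule["path_roots"]):
        raise PolicyViolation(f"path {args.get('path')!r} is outside approved roots")
    if "allowed_hosts" in rule:
        host = urllib.parse.urlsplit(args.get("url", "")).hostname
        if host not in rule["allowed_hosts"]:
            raise PolicyViolation(f"host {host!r} is not an approved destination")
    return name

def charge_tokens(agent_id, tokens):
    """Debit the agent's budget; refuse, without debiting, when it would go negative."""
    remaining = TOKEN_BUDGET.get(agent_id, 0)
    if tokens > remaining:
        raise PolicyViolation(f"{agent_id} would exceed its token budget")
    TOKEN_BUDGET[agent_id] = remaining - tokens
    return TOKEN_BUDGET[agent_id]

def gate(agent_id, raw, estimated_tokens):
    """Gateway decision for one request: 'allow:<tool>' or 'deny:<reason>'."""
    try:
        tool = check_tool_call(raw)          # parameter policy first, so denied calls cost nothing
        charge_tokens(agent_id, estimated_tokens)
        return f"allow:{tool}"
    except PolicyViolation as exc:
        return f"deny:{exc}"
```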

    These are expected limitations in a brand-new reference design. The partner ecosystem is still early-stage. Buyers should ask what is shipping, when, and what testing has been completed.

    NemoClaw solves the container problem. The enterprise governance problem sits above it.


    Where Reign Meets the Stack

    NemoClaw secures the agent runtime. Reign governs the enterprise. Together, they provide defense-in-depth from kernel to boardroom.

    As an NVIDIA Ecosystem Partner, iTmethods built Reign to sit directly above NemoClaw in the governance stack. Every Reign component works standalone — and gains deeper capabilities when paired with NemoClaw’s infrastructure security. The integration is purpose-built, not bolted on.

    Three products. Each enhanced for NemoClaw:

    AI Gateway

    Routes, governs, and monitors all LLM traffic across any model and any cloud. Policy enforcement, DLP, PII filtering, cost tracking.

    With NemoClaw: OpenShell runtime becomes a configurable environment in the Gateway, Reign policies auto-translate to OpenShell YAML configs, and GPU compute costs are tracked for NemoClaw-managed agents.

    Agentic Hub

    Governs what AI agents can do. MCP tool authorization, agent-to-agent communication policies, fleet-level visibility across all frameworks.

    With NemoClaw: OpenClaw agent auto-discovery and registration, pre-approved governed agent templates, and a real-time fleet dashboard for all NemoClaw instances.

    Evidence Engine

    Generates audit-ready compliance evidence from every governance decision. EU AI Act, SOC 2, HIPAA, FDA 21 CFR Part 11 — tamper-proof trails.

    With NemoClaw: Security events flow directly into the Evidence Engine as compliance artifacts, combined Reign + NemoClaw audit trails, and EU AI Act evidence mapping for sandboxed agents.

    Layer                  | What It Governs                                              | Who Provides It
    Enterprise Governance  | Policy enforcement, fleet management, compliance evidence    | Reign Platform (iTmethods) — AI Gateway, Agentic Hub, Evidence Engine
    Agent Runtime Security | Kernel-level sandboxing, privacy routing, network guardrails | NemoClaw (NVIDIA) — OpenShell, OpenClaw, Privacy Router
    GPU Infrastructure     | Compute, model serving, hardware sovereignty                 | NVIDIA — DGX, RTX, Cloud GPU, On-Prem

    Table: The Full AI Governance Stack — Defense-in-Depth from Kernel to Boardroom

    Two Paths to Governed Agents

    Here is the practical question every enterprise leader should be asking: how do we get from ungoverned agents to the full stack?

    Path 1: Govern Your Existing NemoClaw

    You’re already running (or planning to run) NemoClaw. Add Reign as the enterprise governance layer on top.

    • Reign policies auto-sync to your existing OpenShell YAML configs
    • NemoClaw security events stream into the Evidence Engine
    • OpenClaw agent fleets are managed via Agentic Hub
    • AI Gateway governs all LLM traffic alongside agent governance

    Path 2: Fully Managed NemoClaw + Reign

    You want governed agents but don’t want to build NemoClaw expertise in-house. We deploy and manage the entire stack.

    • Full NemoClaw stack deployed on your infrastructure
    • Pre-configured with Reign governance from day one
    • Cloud, on-prem, or hybrid — DGX or hyperscaler GPU
    • Compliance evidence from day one — EU AI Act, SOC 2, HIPAA ready

    Both paths converge on the same architecture. Both deliver defense-in-depth from kernel to boardroom.


    What This Means for Enterprise Leaders

    Jensen Huang framed the strategic imperative correctly: every company needs an OpenClaw strategy. But an OpenClaw strategy without a governance strategy is a security strategy without a lock.

    NemoClaw is a necessary layer — and NVIDIA building it validates everything this series has been saying for seven weeks. But NemoClaw alone does not satisfy what boards, regulators, and CISOs actually require. Consider: 87% of enterprises already have untracked AI usage. The agents are running. The question is whether you govern them — or pretend they aren’t there.

    The organizations that will lead in the agentic era are the ones building the full stack:

    • Infrastructure security (NemoClaw, OpenShell, hardware sovereignty) for runtime protection
    • Enterprise governance (Reign) for policy enforcement, cost control, and regulatory evidence
    • Organizational readiness (training, change management, compliance processes) for sustainable adoption

    Organizations that deploy NemoClaw without enterprise governance will have sandboxed agents they cannot audit. Organizations that deploy governance without infrastructure security will have policies they cannot enforce at the runtime level. Both layers are required. Neither is sufficient alone.

    1. Infrastructure Security: Deploy NemoClaw for runtime protection

    OpenShell sandboxing, privacy routing, and kernel-level guardrails for every AI agent. This is the foundation — every agent runs in an isolated container with configurable policy controls.

    2. Enterprise Governance: Deploy Reign for policy enforcement and compliance

    AI Gateway for LLM traffic governance, Agentic Hub for agent fleet management, Evidence Engine for regulator-ready audit trails. This is the layer that boards and regulators actually require.

    3. Organizational Readiness: Build sustainable adoption processes

    Training, change management, and compliance processes for the full governed AI stack. The organizations that lead in the agentic era will have all three layers — infrastructure security, enterprise governance, and organizational readiness.


    The 90-Day Question

    If your board asked you today: “What is our OpenClaw strategy — and can you prove we are governing it?” — what would you say?

    If the answer fits on one slide with zero hedging, you are ahead of 80% of the market. If it requires a phone call to your security team to find out how many agents are running, you are behind.

    We’ve published the full technical breakdown of how Reign and NemoClaw work together — including the governance stack architecture, two deployment paths, and the Early Adopter Program (limited to the first 10 organizations — preferred Year-1 pricing, direct roadmap input, and a dedicated solution architect) — at itmethods.com/reign/nemoclaw.

    The next piece in this series will lay out the exact 90-day rollout plan that multiple enterprises are using to go from ungoverned agents to full AI governance — with zero disruption to developers. Because the question is no longer whether to govern. It’s how fast you can get there before the regulators, the auditors, or the agents themselves force the issue.

    Paul Goldman
    CEO, iTmethods | Creator of Reign — Enterprise AI. Governed.

    About the author: Paul Goldman is CEO of iTmethods and creator of the Fortress platform for AI governance in regulated industries. He previously published "MCP Is Exploding. Your Governance Isn't Ready."
