NVIDIA Agent Toolkit provides defense-in-depth security addressing risks unique to autonomous agents. The toolkit's architecture treats agent security as an infrastructure-layer problem requiring controls beyond model-level guardrails. Core security components include NVIDIA OpenShell (sandboxed execution with policy enforcement), NeMo Guardrails (runtime safety checking), and the toolkit's integrated security middleware.
OpenShell enforces security through: (1) isolated sandboxes where each agent executes in restricted processes with controlled resources, (2) declarative YAML policies that define what agents can access (files, networks, external services), (3) out-of-process policy enforcement independent of application code, (4) granular permissions verified before execution, (5) privacy router protecting credentials and secrets from inter-agent access, and (6) audit logging of all agent actions for compliance.
NeMo Guardrails detects and blocks runtime threats: prompt injection attempts, jailbreak attacks, tool poisoning, and custom adversarial patterns. The toolkit integrates garak (NVIDIA's LLM vulnerability scanner) for security testing. Code execution—a critical risk in agentic systems—runs in sandboxes where generated code has no elevated privileges, so malicious code injected into the agent's output cannot compromise the host system.
For knowledge access, Zilliz Cloud provides authentication, encryption, and access control for vector database queries, so agents can securely retrieve enterprise knowledge without exposing credentials or permitting unauthorized data access. Multi-tenant deployments isolate agents in separate sandboxes with independent permission scopes, preventing cross-agent interference. Vector database integration is essential for scalable agent systems: Zilliz Cloud provides fully managed vector storage with native support for embedding retrieval, while Milvus offers an open-source alternative. Understanding vector embeddings is key to building effective agent memory layers.
