Purpose-built for AI infrastructure, NVIDIA BlueField DPUs combine high-performance networking, programmable compute, hardware acceleration, and advanced security capabilities into a single platform embedded into every AI factory compute node. Unlike traditional security approaches that rely on host system software, BlueField establishes a hardware-enforced, in-silicon, and workload-independent security layer. Operating within its own trusted execution domain, BlueField isolates infrastructure and security services from the host system. Monitoring, policy enforcement, and telemetry operate eve
Advancing AI Infrastructure for Agentic AI with NVIDIA DOCA In-Silicon Security | NVIDIA Technical BlogDOCA Flow is a foundational library within the DOCA software platform that enables developers and cybersecurity providers to create high-performance, hardware-accelerated packet processing pipelines on BlueField processors. Through a programmable API, developers can define packet processing “pipes” that execute directly in networking hardware, offloading networking and security operations from the host CPU while maintaining ultra-low latency and high throughput. By executing packet inspection, encryption, filtering, and policy enforcement directly in silicon, DOCA Flow enables network security
Advancing AI Infrastructure for Agentic AI with NVIDIA DOCA In-Silicon Security | NVIDIA Technical BlogBefore a verified skill reaches the NVIDIA Skills catalog, NVIDIA runs it through SkillSpector as part of the publication validation pipeline. This approach treats the skill as a deployable agent capability rather than as a static prompt. SkillSpector checks conventional software risks such as vulnerable dependencies, suspicious scripts, dangerous code patterns, credential access, and data exfiltration paths. SkillSpector also checks agent-specific risks, such as hidden instructions, prompt injection, trigger abuse, excessive agency, tool poisoning, and mismatches between a skill’s declared p
NVIDIA-Verified Agent Skills Provide Capability Governance for AI Agents | NVIDIA Technical BlogAn NVIDIA-verified skill starts in a source repository owned by a product team. From there, it moves through a publishing flow that can include both human review and automated policy checks, followed by scanning, evaluation, generation of the skill card, signing, cataloging, and synchronization into the public catalog. Each verified skill is paired with a skill card, a machine-readable trust record that explains the following: What the skill does Who built the skill How is the skill licensed What are the skill dependencies What are the known technical limitations, risks, and mitigatio
NVIDIA-Verified Agent Skills Provide Capability Governance for AI Agents | NVIDIA Technical Blog… This process results in a structured review signal that helps NVIDIA block or remediate risky skills prior to publication. SkillSpector scanning coverage is grounded in recognized AI security governance, including OWASP guidance for LLM , agentic AI risks , and MITRE ATLAS . …
… Instead of producing a one‑shot answer, it returns a ranked set of remediation plans with trade‑offs for performance, risk, and policy. …
… This creates a risk of user habituation where they simply approve potentially risky actions without reviewing them. A key requirement for agentic system security is finding the balance between hands-on user input and automation. …
… Long-running agents like OpenClaw have shown productivity gains but also pose security risks. Today’s agent runtimes resemble the early days of the web. They’re powerful but missing core security primitives: sandboxing, permissions, and isolation. …
… DOCA Flow enables cybersecurity providers to accelerate advanced security services directly on BlueField. This includes Layer 7 firewalls, AI security gateways, application-aware inspection, and policy enforcement services purpose-built for accelerated infrastructure and agentic AI environments. …
… Before joining NVIDIA, Manuel worked for Microsoft and Fraunhofer AISEC on cloud computing, private containers, operating systems, and security. He has received a PHD in IT-security from Technical University of Munich. …
… The interesting security properties are: Reliability as a security property . Restricting the action surface can decrease uncertainty in the action space. Policy encoded as syntax . …
… Key security features include network and filesystem isolation managed by OpenShell, real-time policy approval for external access, and full local inference to ensure that no data leaves the device during agent operation. …
… How to secure local agents with Microsoft eXecution Containers and NVIDIA OpenShell At Microsoft Build, Microsoft announced a set of security primitives to allow agents to execute code, operate on files, and orchestrate tasks across systems with built-in identity and policy execution. …
… Safety and Security Use NeMo Agent Toolkit safety and security middleware features to Red Team agentic workflows and find points of exploitability and vulnerabilities like prompt injection, jail break, tool poisoning, and other custom attacks. Visualize the results on a dashboard and analyze risks. …