NVIDIA’s transition from designing GPUs for 3D graphics to becoming the leading force driving AI factories, hyperscalers, and neoclouds is transforming technology.
Enterprises are rapidly adopting NVIDIA AI stacks to build and run production systems, ranging from generative AI built on large language models (LLMs) to agentic AI-powered autonomous systems. Security teams can struggle to keep pace with AI risks, especially as AI technology, and the way enterprises use it, continues to evolve.
Standards are still emerging. Teams are building fast, but few know what “good” looks like in production. Organizations can focus on model safety, prompt filtering, pre-deployment controls, and other preventative controls, but the real security risk lives at runtime.
This is where organizations can use NVIDIA and Sysdig together to turn innovation into production-ready solutions. NVIDIA provides native controls for the AI software development lifecycle. Sysdig secures the runtime perimeter of NVIDIA AI environments, providing teams with the real-time visibility and context needed to prevent issues and stop threats as they happen.
Security as a foundational requirement
NVIDIA takes a strong approach to end-to-end security. According to NVIDIA CEO and founder Jensen Huang:
“Security must be built into every layer, from silicon to software, to protect data, applications, and infrastructure.”
NemoClaw clearly reflects this intention by adding guardrails and an agent sandbox with OpenClaw. This philosophy of built-in security extends across the broader NVIDIA stack. Resources like NIM, which provides hardened images with signed models and audited dependencies, and the NeMo framework, which includes these guardrails, reinforce this vision across the runtime and control plane layers.
The next step is to extend this foundation with runtime visibility and security controls integrated across existing cloud infrastructure.
NVIDIA’s LLM and agentic stack
AI systems are built on cloud-native architectures. They get the same benefits of speed and scale, but they also inherit the same security challenges. Because it combines models, agents, containers, and cloud services, AI infrastructure is complex, and its attack surface spreads across identities, workloads, and data.
Defending AI infrastructure requires multiple layers of security.
To illustrate this cloud reality, consider two common use cases in today’s AI-powered enterprise environments.

In the image above, a virtual retail sales assistant (left) uses Nemotron LLM with NIM and NeMo in production. On the right is an IT operations multi-agent system built with NemoClaw, which consumes a model from NVIDIA Cloud via API.
From a security perspective, NVIDIA’s baseline safeguards include NVIDIA NeMo Guardrails (left) for prompt-level protection, and OpenShell (right) for sandboxed agent processes. Both measures are important, but neither is comprehensive.
LLM guardrails are vulnerable to evasion techniques such as adversarial machine learning, with documented injection and jailbreak attacks.
OpenShell provides a reasonable isolation baseline, but it inherits the container escape risk observed in standard runtimes (e.g., CVE-2019-5736 in runc). While the sandbox isolates the agent’s processes, it does not govern access to external resources, data, or services, which must be controlled through additional policy layers. That leaves a runtime coverage gap.
Sysdig and NVIDIA: stronger defense together

In the revised diagram above, we can see how adding Sysdig completes the security picture for an enterprise-grade AI solution. Here’s how:
Input and output control
NVIDIA brings NeMo Guardrails to control prompt inputs and manage unpredictable outputs. Garak, NVIDIA’s generative AI red teaming toolkit, assesses prompt vulnerabilities and guardrail gaps. When Garak is equipped with the proper probe and combined with Sysdig, it helps surface exploits against the underlying compute.
Fortify the supply chain
Adversarial AI is already tilting the balance toward attackers, driving more supply chain attacks.
Sysdig continuously scans pipelines and runtime environments to detect and remediate vulnerabilities.
Manage risks and agent boundaries
OpenShell provides runtime sandboxing; Sysdig enforces configuration to prevent escapes and lateral movement, while delivering deep, multi-layer risk insights.
Monitor the runtime perimeter
Sysdig delivers real-time visibility across resources, services, and identities, detecting anomalous access and malicious behavior to contain threats fast, either through human intervention or automation.
Keep data safe
Sysdig monitors sensitive data and adds enriched context, helping reduce the potential blast radius of an attack.
Sysdig has proven effectiveness against real-world threats
The risk to AI is real. Recent incidents show that AI infrastructure is already being targeted through familiar paths: exposed APIs, vulnerable containers, and compromised dependencies. Model serving endpoints and agent frameworks expand the attack surface.
At the runtime level, risks such as container escapes and unauthorized network access remain highly relevant, especially in multi-agent environments where components dynamically interact with external systems.
Sysdig addresses these realities by focusing on posture, risk, and actual runtime behavior: detecting anomalous processes, unexpected outbound connections, and privilege misuse. This enables teams to identify and stop real attacks as they unfold, not just theoretical ones.
Ready to discover how to secure and accelerate AI innovation with Sysdig? Request a demo.
*At this writing, NVIDIA NemoClaw was still in alpha.
More about Sysdig and NVIDIA technologies
Blog post: Securing GPU-accelerated AI workloads in Oracle Kubernetes Engine
White paper: Operational security for OKE GPU-accelerated AI Applications