SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

CrowdStrike & Nvidia unveil secure design for AI agents

Wed, 18th Mar 2026

CrowdStrike and Nvidia have outlined a joint "Secure-by-Design" architecture for autonomous AI agents, linking CrowdStrike's Falcon security platform with Nvidia OpenShell, an open-source runtime for running and governing agent workloads.

The companies disclosed the work at Nvidia's GTC event as part of a broader collaboration to secure emerging AI infrastructure. The focus is on AI agents, which are expected to move beyond assistant-style tools and take actions across systems with limited human input.

Agent security

AI agents differ from earlier AI deployments because they can take actions, call tools, and access services. This creates a broader attack surface than prompt-and-response chat interfaces: every tool, API, and data store an agent can reach is a path that an error or a manipulated instruction can take. Agents also often run under privileged identities, so a mistake, misuse, or malicious manipulation (prompt injection, for example) executes with the full privileges of that identity rather than those of the user who asked the question.

Existing controls often rely on static policies or point-in-time checks. CrowdStrike and Nvidia argue that agent deployments require continuous oversight across development and runtime, with coverage for components around the model such as identities, endpoints, and cloud environments.

The blueprint integrates Falcon protection directly into OpenShell, an open-source runtime within the Nvidia Agent Toolkit. OpenShell uses isolated sandboxes, private inference, and built-in policy enforcement for agent execution.

OpenShell integration

Under the architecture, Falcon AI Detection and Response integrates with OpenShell to provide real-time coverage for prompts, responses, and agent actions. The design treats these elements as signals to be monitored and governed during execution, rather than assessed after the fact.

The blueprint also ties in other parts of the Falcon platform. Falcon Endpoint Security is positioned as the control layer for local agent deployments on Nvidia DGX Spark or DGX Station running OpenShell, with host-level controls and behavioural monitoring across system activity and agent execution.

For cloud and data centre deployments, Falcon Cloud Security is set to protect agents built on the open-source Nvidia AI-Q Blueprint for deep research. The companies said this adds runtime controls and visibility across both infrastructure and AI workloads.

Identity controls

Another element centres on identity. Falcon Next-Gen Identity Security is expected to provide dynamic identity management for local agents, enforcing access controls across data, APIs, and services to keep agent activity within defined privilege boundaries.

The blueprint also includes "intent-aware" controls intended to govern how agents plan and execute tasks. CrowdStrike and Nvidia said the aim is to limit the impact of unintended actions or malicious behaviour while preserving some autonomy during execution.
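The privilege-boundary and runtime-enforcement ideas in the preceding paragraphs, reduced to a minimal gate that checks every tool call an agent attempts against the grants bound to that agent's identity, enforces a per-task call budget, and writes each decision to an audit trail. This is an added illustration, not CrowdStrike or Nvidia code, and not how OpenShell or Falcon implement these controls; the names (AgentIdentity, Grant, gate_tool_call), the sample tools, the file contents, and the agent's grants are all constructed for the example.

```python
"""Runtime least-privilege gate for agent tool calls (illustrative only)."""
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Callable


@dataclass(frozen=True)
class Grant:
    """Permission to call one tool on resources matching a glob pattern."""
    tool: str
    resource_pattern: str


@dataclass
class AgentIdentity:
    """Hypothetical agent identity: a name, its grants, and a per-task call budget."""
    name: str
    grants: tuple
    max_calls: int = 50   # bounds the blast radius of a runaway planning loop
    calls_made: int = 0


@dataclass
class AuditEvent:
    agent: str
    tool: str
    resource: str
    decision: str         # "allow" or "deny"
    reason: str


AUDIT_LOG: list = []


def _is_granted(identity: AgentIdentity, tool: str, resource: str) -> bool:
    # Canonicalise before matching so "/data/reports/../../etc/shadow" cannot
    # satisfy a "/data/reports/*" grant.
    resource = posixpath.normpath(resource)
    return any(g.tool == tool and fnmatch(resource, g.resource_pattern)
               for g in identity.grants)


def gate_tool_call(identity: AgentIdentity, tool: str, resource: str,
                   registry: dict) -> tuple:
    """Decide on, audit, and (if allowed) execute one tool call.

    Returns (allowed, result_or_reason). The check runs on every call, so a
    revoked grant or an exhausted budget takes effect on the next action,
    not at the next periodic review.
    """
    if tool not in registry:
        reason = "unknown tool"
    elif identity.calls_made >= identity.max_calls:
        reason = "call budget exhausted"
    elif not _is_granted(identity, tool, resource):
        reason = "no grant for this tool/resource"
    else:
        reason = ""

    if reason:
        AUDIT_LOG.append(AuditEvent(identity.name, tool, resource, "deny", reason))
        return False, reason

    identity.calls_made += 1
    AUDIT_LOG.append(AuditEvent(identity.name, tool, resource, "allow", "grant matched"))
    return True, registry[tool](resource)


# Constructed sample tools backed by an in-memory "filesystem" (not real services).
FAKE_FS = {"/data/reports/q1.txt": "Q1 revenue up 4%"}


def read_file(path: str) -> str:
    return FAKE_FS.get(posixpath.normpath(path), "")


def write_file(path: str) -> str:
    FAKE_FS[posixpath.normpath(path)] = "written"
    return "ok"


TOOLS: dict = {"read_file": read_file, "write_file": write_file}


def demo() -> list:
    """Run a sequence of attempted actions and return (decision, detail) pairs."""
    agent = AgentIdentity(name="deep-research-agent",
                          grants=(Grant("read_file", "/data/reports/*"),))
    attempts = [
        ("read_file", "/data/reports/q1.txt"),              # in scope: allowed
        ("read_file", "/etc/shadow"),                       # outside pattern: denied
        ("read_file", "/data/reports/../../etc/shadow"),    # traversal: denied
        ("write_file", "/data/reports/q1.txt"),             # tool never granted: denied
        ("shell", "rm -rf /"),                              # tool not registered: denied
    ]
    results = []
    for tool, resource in attempts:
        allowed, detail = gate_tool_call(agent, tool, resource, TOOLS)
        results.append(("allow" if allowed else "deny", detail))
    return results


def demo_budget() -> list:
    """Show the per-task budget cutting off a looping agent on its third call."""
    agent = AgentIdentity(name="looping-agent",
                          grants=(Grant("read_file", "/data/reports/*"),), max_calls=2)
    return [gate_tool_call(agent, "read_file", "/data/reports/q1.txt", TOOLS)[0]
            for _ in range(3)]


if __name__ == "__main__":
    for decision, detail in demo():
        print(decision, detail)
    print(demo_budget())
```

The gate sits between the planner and the tool registry, so the agent keeps its autonomy over which actions to attempt while every attempt is evaluated and recorded at execution time. In a real deployment the grants would be issued and revoked by the identity system rather than hard-coded, and the audit events shipped to the detection pipeline rather than kept in a list.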

The architecture is designed to span multiple environments, covering workloads running locally on DGX Spark and DGX Station as well as cloud deployments built on Nvidia AI-Q.

Market context

AI security has become a bigger theme in enterprise deployments as organisations move from pilots to systems embedded in business processes. Many security teams already treat model access, data exposure, and application integrations as governance issues. Agent-based tools add operational risk because agents can take actions across systems rather than simply guide users.

In response, vendors are increasingly positioning AI security around runtime monitoring, policy enforcement, and identity governance, rather than traditional controls focused on static configuration and periodic assessment.

Daniel Bernard, Chief Business Officer at CrowdStrike, said the shift from assistants to agents changes the risk profile for organisations. "As we enter the agentic era, agents no longer simply assist - they act," Bernard said. "This shift fundamentally changes the security equation, and security must be embedded into the AI stack itself. Together with NVIDIA, we are delivering a Secure-by-Design architecture that enables organizations to operationalize agents with confidence and control."

Justin Boitano, Vice President, Enterprise Platforms at Nvidia, linked the blueprint to broader adoption of agent tooling in business. "Autonomous agents will fundamentally reshape how we work," Boitano said. "By integrating CrowdStrike's security platform with the NVIDIA Agent Toolkit, we're enabling enterprises to build and scale safer, autonomous AI agents to help transform their operations, empower every employee, and securely generate intelligence at the speed of business."

CoreWeave, a cloud infrastructure provider that has expanded around GPU computing, also commented. "AI infrastructure is moving from experimentation to mission-critical production," said James Higgins, Chief Information Security Officer at CoreWeave. "As we scale GPU-accelerated environments, AI agents must be observable, governed, and resilient by design. The collaboration between CrowdStrike and NVIDIA secures AI systems at the foundation - enabling high-performance AI environments without compromising control."

CrowdStrike said the blueprint reflects its focus on embedding security controls into AI systems across local and cloud deployments as organisations increase their use of autonomous agents in production.