How Enterprises Are Building Secure Sandboxes for AI Agents That Actually Work
Enterprises are moving AI agents beyond chat interfaces into production workflows, but without proper governance, these autonomous systems can expose sensitive data and create security risks across business operations. NVIDIA's Secure Agent Workspace Reference Design introduces a clear architectural solution: separate the user's device (presentation layer) from where the agent actually executes (a managed, controlled workspace), allowing companies to enforce identity verification, network restrictions, credential protection, and human approval gates at scale.
Why Are Enterprises Struggling to Govern AI Agents?
AI agents have evolved far beyond conversational chatbots. They now inspect code, run automated tests, read documents, search knowledge bases, query internal systems, and operate for hours on behalf of users. This productivity unlock comes with a significant security challenge: agents gain access to sensitive enterprise data and the ability to complete tasks and take action across critical business systems. Without proper governance, a misconfigured agent could inadvertently expose customer records, merge unauthorized code changes, or modify financial records.
The traditional approach of running agents on a user's laptop or local device creates a fundamental problem. The presentation layer (where the user interacts) becomes the execution layer (where the agent operates), making it nearly impossible to enforce consistent security policies across an organization. This is why NVIDIA's reference design shifts the entire execution environment to a managed workspace, keeping the user's device as a presentation surface only.
What Does a Secure Agent Workspace Actually Look Like?
The NVIDIA Secure Agent Workspace Reference Design operates in two distinct phases. The first phase focuses on controlling the perimeter around the workspace, establishing who can access it and what services it can reach. The second phase adds runtime security controls inside the workspace itself, governing what the agent can actually do at the tool-call level.
The perimeter security phase includes several foundational controls:
- Dedicated Virtual Machines: Each user receives their own secure, company-managed virtual machine for agent execution, ensuring complete isolation between users and workflows.
- Single Sign-On Authentication: Access to workspaces is controlled through enterprise SSO, preventing unauthorized users from opening a workspace without authenticated permission.
- Network Lockdown: Egress is denied by default; the agent can reach only pre-approved internal and external services, and every other destination is blocked at the perimeter.
- Human Approval Gates: Any agent action that changes a system, such as merging code or updating tickets, requires explicit human approval before execution, not just agent authorization.
- Centralized Logging: All workspace activity is sent to a single monitoring location, enabling security teams to detect suspicious behavior and maintain audit trails.
The runtime security phase then adds deeper controls inside the workspace itself. Active sandboxing runs the agent inside a dedicated runtime that observes every action in real time. Signed security policies define exactly what the agent is allowed to do, such as which files it can read, which commands it can execute, and which services it can call; the signature lets the runtime detect a policy that has been altered inside the workspace. Credentials are never stored in the workspace; a secure proxy holds the raw keys and attaches them on the outbound hop, so the agent never sees a raw secret. Continuous verification checks that the policy is intact and the controls are active before every single action the agent performs, not just once at startup.
How to Implement Secure Agent Governance in Your Enterprise
- Define Agent Identity and Delegation: Register each agent with a logical identity tied back to the user or sponsor through SSO, and use delegation records to specify exactly what the agent is allowed to do on behalf of that user.
- Protect Secrets with Credential Proxies: Never hardcode secrets into the workspace. Instead, use a credential proxy that issues short-lived capability tokens to the agent, ensuring raw API keys and passwords remain hidden from the agent runtime.
- Configure Inference with Access Controls: Set up a gateway layer that manages quotas, role-based access control (RBAC), and dynamic rate limiting to ensure both security and scalability of the inference service.
- Establish Blast Radius Controls: Define which actions require human review before execution, such as code merges or ticket status changes, and ensure all logs are output in Open Cybersecurity Schema Framework (OCSF) format for audit readiness.
- Choose Your Deployment Platform: For on-premises environments, use Red Hat OpenShift Virtualization; for cloud-native deployments, use Microsoft Azure. Each user receives a dedicated virtual machine, and the user's local endpoint attaches to that workspace only as a presentation surface.
- Set Network Boundaries: Start with default-deny egress and allow only approved destinations. On OpenShift, use NetworkPolicy and EgressFirewall primitives; on Azure, send outbound traffic through Azure Firewall Premium with a user-defined route and disable BGP route propagation on that route table, so that routes learned from a gateway cannot override the forced path through the firewall.
Agent blueprints serve as repeatable workflow templates that run on top of the secure workspace. These blueprints are configured with a specific goal, required tools, allowed services, data scope, write permissions, review gates, and logging expectations. They exemplify best practices for their target use case, allowing agent developers to make minimal modifications to narrow behavior to their specific needs rather than building governance from scratch.
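The runtime controls (signed policy, credential proxy, continuous verification), the implementation steps above (delegation records, short-lived capability tokens, approval gates, OCSF logging) and the blueprint fields just listed all meet at one point: the moment the workspace decides whether a single tool call may proceed. The block below is an added Python example written for this page, not code from NVIDIA's reference design. The policy schema, field names, sample identities, hosts and paths are assumptions, the audit record uses only a small illustrative subset of OCSF API Activity fields, and an HMAC stands in for whatever signature scheme a real policy authority would use.

```python
"""Tool-call gate for a managed agent workspace (added illustration, not
NVIDIA's code): a signed policy re-verified before every action, delegated
scope checks, a credential proxy that hands the agent only short-lived
capability tokens, a human-approval gate for writes, and OCSF-shaped audit
records. Policy schema, names and sample values are all hypothetical."""
import hashlib
import hmac
import json
import os
import secrets
import time

POLICY_KEY = b"policy-authority-signing-key"   # held by the policy authority, not the VM
POLICY = {                                      # constructed sample delegation record
    "agent_id": "agent-7f3a",
    "delegated_by": "alice@example.com",        # SSO user the agent acts for
    "allowed_hosts": ["git.internal.example", "tickets.internal.example"],
    "allowed_commands": ["pytest", "git diff"],
    "readable_paths": ["/workspace/src/"],
    "requires_approval": ["merge_pr", "update_ticket"],
}
AUDIT_LOG = []                                  # stands in for the central log sink


def sign_policy(policy, key=POLICY_KEY):
    """Policy authority signs the canonical JSON form (HMAC stands in for a real signature)."""
    body = json.dumps(policy, sort_keys=True).encode()
    return {"policy": policy, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_policy(signed, key=POLICY_KEY):
    body = json.dumps(signed["policy"], sort_keys=True).encode()
    good = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(good, signed["sig"])


class CredentialProxy:
    """Holds raw secrets; the agent only ever receives an opaque, expiring token."""

    def __init__(self, vault):
        self._vault = vault      # host -> raw secret (constructed sample)
        self._tokens = {}        # token -> (agent_id, host, expiry)

    def issue(self, agent_id, host, ttl=300):
        tok = secrets.token_urlsafe(16)
        self._tokens[tok] = (agent_id, host, time.time() + ttl)
        return tok

    def redeem(self, tok, agent_id, host, now=None):
        """Called on the outbound hop; returns the auth header to attach, or None."""
        rec = self._tokens.get(tok)
        if rec is None or rec[0] != agent_id or rec[1] != host:
            return None          # token is bound to one agent and one host
        if (now if now is not None else time.time()) > rec[2]:
            self._tokens.pop(tok, None)
            return None          # expired: the exposure window has closed
        return "Bearer " + self._vault[host]


def _record(policy, action, ok, reason):
    # OCSF API Activity (class_uid 6003) shaped event; the field subset is illustrative.
    AUDIT_LOG.append({
        "class_uid": 6003, "time": int(time.time() * 1000),
        "actor": {"user": {"name": policy["delegated_by"]}, "app_name": policy["agent_id"]},
        "api": {"operation": action["type"], "request": {"uid": action.get("target", "")}},
        "status_id": 1 if ok else 2, "message": reason,
    })
    return ok, reason


def gate(signed, action, approved_by=None):
    """Decide one tool call. Returns (allowed, reason). Every call re-verifies the policy."""
    p = signed["policy"]
    if not verify_policy(signed):
        return _record(p, action, False, "policy signature invalid or policy tampered")
    kind, target = action["type"], action.get("target", "")
    if kind not in ("read_file", "run_command", "http") and kind not in p["requires_approval"]:
        return _record(p, action, False, "action type not covered by policy")  # default deny
    if kind == "read_file":
        path = os.path.normpath(target)      # defeats /workspace/src/../../etc/passwd
        if not any(path.startswith(d) for d in p["readable_paths"]):
            return _record(p, action, False, "path outside readable scope")
    elif kind == "run_command":
        if not any(target == c or target.startswith(c + " ") for c in p["allowed_commands"]):
            return _record(p, action, False, "command not in allow-list")
    elif kind == "http":
        if target not in p["allowed_hosts"]:
            return _record(p, action, False, "egress destination not approved")
    if kind in p["requires_approval"]:
        # A human must sign off; the agent approving its own write does not count.
        if not approved_by or approved_by == p["agent_id"]:
            return _record(p, action, False, "human approval required")
    return _record(p, action, True, "allowed by signed policy")
```

Two design points worth noting. The gate denies anything the policy does not name, and it re-verifies the signature on every call rather than caching a decision, so a policy file edited by a compromised process inside the VM stops working immediately. In a real deployment the verifier would hold only a public key, so nothing inside the workspace can re-sign a modified policy; the HMAC here would let the workspace forge one if the key leaked. This gate is defense in depth at the tool layer, not a replacement for the NetworkPolicy or firewall egress controls described in the deployment steps.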
What Makes This Different From Previous Agent Governance Approaches?
The key innovation in NVIDIA's reference design is the architectural separation between presentation and execution. Previous approaches attempted to govern agents running on user devices, which created inconsistent security policies and made audit trails difficult to maintain. By moving execution to a managed workspace, enterprises can enforce the same security controls across all agents, all users, and all workflows simultaneously.
This approach also addresses the challenge of credential management at scale. In traditional setups, agents might have direct access to API keys or database passwords, creating exposure if the agent is compromised. With the credential proxy pattern, the agent never sees raw secrets; instead, it receives short-lived tokens that expire automatically, limiting the window of exposure if an agent is compromised.
The reference design also emphasizes auditability and compliance. All agent actions are logged in a standardized format (OCSF), making it straightforward for security teams to investigate incidents, demonstrate compliance to regulators, and identify patterns of misuse. Human approval gates ensure that high-risk actions like code merges or system changes never happen without explicit human oversight.
As enterprises scale AI agents across their organizations, governance is no longer optional. The NVIDIA Secure Agent Workspace Reference Design provides a concrete blueprint for building environments where autonomous agents can operate safely, securely, and at organizational scale, balancing productivity gains with the security controls that enterprise IT and security teams require.