Dymium Blog

NVIDIA GTC 2026: Our Takeaways on AI & Agentic Data Security

Written by Denzil Wessels - CEO | Mar 23, 2026 9:57:56 PM

We had a chance to meet with several companies at NVIDIA GTC 2026 last week. The keynote was electric, the innovation was real, and Jensen Huang didn't mince words: "Agentic systems in the corporate network can access sensitive information, execute code, and communicate externally." He may have meant it as a statement of capability. I heard it as a statement of risk.

Nearly half of cybersecurity professionals now rank agentic AI as their top threat concern heading into 2026. According to CyberArk's 2025 Identity Security Landscape and Rubrik Zero Labs research, machine identities already outnumber human employees 82 to 1 in most enterprises. IBM's 2026 X-Force data shows a 44% surge in attacks on public-facing applications, driven by AI-powered scanning that makes attackers faster and harder to stop.

It’s not just bad actors that are getting faster; the industry overall is building at an incredible pace. But speed without governance isn’t sustainable - it’s exposure - and while the NVIDIA framework is a good start, it doesn’t yet include a solution for real-time PII redaction from structured databases and unstructured files before LLM ingestion. This is what Dymium is uniquely built for - a new model for secure, compliance-aware data access that moves at the pace of AI.

The Good News: Security Is Shipping at Launch, Not After

Here's something I didn't fully expect to see at GTC, and as a security professional, it gave me real optimism. For the first time on a major AI platform release, security wasn't an afterthought. Several security vendors announced protection for NVIDIA's agentic AI stack. The industry is finally starting to treat governance as a first-class citizen in AI architecture, not something you retrofit after the breach. It's a meaningful step… albeit incomplete.

  • A Multi-Vendor Security Framework - Not a Monoculture - Rather than building one monolithic security product, NVIDIA mapped out a five-vendor governance framework with clear, distinct lanes: CrowdStrike on agent identity and decisions, Palo Alto Networks on cloud runtime, JFrog on supply chain provenance, Cisco on prompt-layer inspection, and WWT on pre-production validation. This is the right instinct - no single vendor owns every threat surface in an agentic system. What it also signals is that purpose-built, focused tools belong in this stack. Dymium's lane - governing and securing the data that agents actually touch - is clearly on the map.
  • NVIDIA OpenShell: The "Android for Agents" - OpenShell is NVIDIA's open source agent runtime — a foundational execution layer that bakes policy-based security, network controls, and privacy guardrails directly into how agents run, rather than bolting them on afterward. Jensen's analogy was simple and stuck with me: every company is going to need an OpenClaw strategy, just like they once needed an HTTP or Kubernetes strategy. That's not hype — that's an inflection point. NVIDIA is already building OpenShell compatibility with Cisco, CrowdStrike, Google, Microsoft Security, and TrendAI. (Note: Dymium has been quietly building our own OpenClaw strategy. Watch this space.)
  • NemoClaw: The Enterprise-Ready Layer on Top - NemoClaw is the production-grade version of OpenClaw, purpose-built for enterprises that need privacy and security controls at scale. Short version: it's what takes agentic AI from "promising in the lab" to "something a CISO can actually approve." It gives organizations a complete, governed agentic stack without having to stitch one together themselves.

The Gaps That Still Remain

GTC was encouraging — but some areas remain unsolved. A few gaps stood out as genuinely critical.

  • Agent-to-agent identity: When agents delegate tasks to other agents, there's currently no trust policy framework that governs that handoff. At an 82:1 machine-to-human identity ratio, that's not an inventory problem — it's a governance crisis waiting to happen.
  • Memory integrity: Stateless LLM calls are relatively contained. But agents with persistent memory are a different animal entirely — poison an agent's long-term memory once, and you can influence its decisions for weeks without anyone noticing.
  • Registry-to-runtime provenance: Knowing a model was scanned and signed in a registry means nothing if you can't cryptographically prove that the exact same artifact is what's executing in production.
  • The MCP vulnerability surface: Independent research across more than 7,000 MCP servers found that over a third contain vulnerabilities, and attack success rates in MCP integrations run 23 to 41 percent higher than in non-MCP environments. (Dark Reading, January 2026 / Backslash Security MCP Server Security Hub)
  • Finally, there's an unmentioned, pervasive, foundational issue that affects all of these: data access and governance. Identity management, data integrity, real-time policy enforcement, and unstructured data access all remain largely unsolved for enterprises trying to put their data to work with GenAI and agentic applications. This isn't a niche problem — it's the reason, according to Gartner, that over 60% of enterprise AI initiatives stall before they reach production.

Where Dymium Fits — and Why GTC Validated Our Thesis

Walking away from GTC, I felt something I don't always feel at industry conferences: genuine confirmation that we're building the right thing.

NVIDIA's entire agentic stack rests on one core assumption — that data access by agents must be governed at the point of request. That's precisely what Dymium does. We intercept every data request in real time, apply policy-driven masking and redaction, and ensure sensitive data never reaches an LLM unless it's supposed to. Not as a pipeline step. Not when the developer remembers. At the moment of access, every time.

What's notably absent from the framework NVIDIA unveiled is a solution for real-time PII redaction from structured databases and unstructured files before LLM ingestion. No vendor on that stage addressed it — not because they overlooked it, but because it's a fundamentally different problem than governing the runtime. It's the gap that legacy DLP and ETL tools have never been able to close.

That's Dymium's lane - compliance-first, data-centric, zero-copy secure access - for both the structured records sitting in your databases and the unstructured documents living in your file systems and SharePoint libraries. We work with the NVIDIA OpenShell open source agent runtime. The platform sets the rules for how agents operate. We enforce what data those agents are actually allowed to see.

The infrastructure is getting better. But until the data layer is held to the same standard as the compute layer, enterprises will keep hitting the same wall. GTC made it clear the market knows it. We're here to solve it.
