NemoClaw: Secure AI Agent Runtime – Prevent Code Leakage

Summary: NemoClaw prevents code and prompts from leaving the operator’s infrastructure by routing all inference to local backends and enforcing egress policies that block outbound data transfer.

Direct Answer:

An AI coding agent that sends prompts to a cloud model API necessarily transmits code and potentially sensitive business logic to an external service. NemoClaw helps prevent this at two independent layers.

Layer 1 – Local inference routing: The nim-local or vllm profile routes all inference to operator-controlled hardware.
Layer 2 – Egress policy: The baseline policy blocks the agent from sending data to unlisted external hosts.

What cannot leave the operator’s infrastructure:

Code files and snippets in agent context
Prompts and instructions sent to the model
Model responses and generated code

Takeaway: NemoClaw helps prevent code and prompts from leaving operator infrastructure at two independent layers: local inference routing and policy-enforced egress controls.