NVIDIA just put a long running AI agent into the verification loop for its own chips. The press release names every part of the stack except who signs the bug report.
NVIDIA is using its own agent to verify its own chips. The company's May 31 announcement from GTC Taipei names Cadence's ChipStack AI Super Agent, secured inside NVIDIA's new OpenShell runtime, as the tool that will autonomously verify NVIDIA's own silicon designs. That is not a marketing flourish. It is the clearest admission yet from a chipmaker that the only credible way to ship the next generation of accelerators is to put a long-running AI agent in the verification loop, then trust it enough to ship the result.
It also exposes the part the announcement does not name. Across roughly 1,400 words of the NVIDIA press release, there is no external party, contract, or standard that takes responsibility when the agent is wrong. Not the model vendor (NVIDIA, via Nemotron 3 Ultra). Not the harness provider (Hermes Agent, LangChain Deep Agents, OpenClaw, OpenHands, OpenCode). Not the secure runtime (OpenShell). Not the EDA vendor (Cadence, Synopsys, Siemens). The release is, instead, a careful inventory of what NVIDIA has built, and an equally careful silence about who signs the bug report when the autonomous engineer ships a flawed verification.
That silence is the story.
The new stack is a real platform. At its center is Nemotron 3 Ultra, a smaller, faster model built for long-running agents that NVIDIA has post-trained for "agent harnesses," the long-running software loops that let an LLM call tools, read files, run tests, and iterate. NVIDIA claims up to 5x faster inference and roughly 30% lower cost than other open frontier models in its class. Both numbers are vendor benchmarks, run against competitors NVIDIA chose, and should be read as a marketing claim, not an independent measurement.
Around the model, NVIDIA has wrapped four layers. NemoClaw is a set of reference blueprints, pre-built harnesses for specific enterprise jobs, that partners can clone. OpenShell is the policy and privacy runtime: the part that decides what the agent is allowed to see, what tools it can call, and what it is forbidden to do. CUDA-X, NVIDIA's library stack for accelerated computing, is now exposed as "agent skills," meaning an autonomous agent can dispatch a job to a GPU and read the result back, with no human in the middle. A roster of partner integrations (CrowdStrike for security operations, Palantir for data and decision workflows, Microsoft for distribution, Canonical and Red Hat for Linux, Foxconn for manufacturing) gives the platform a credible enterprise footprint on day one. The IT Brief Asia wire framed the announcement as a product release. The accountability question, so far, has been left for the buyers to figure out.
The verification use case is the canary. Cadence's ChipStack AI Super Agent is described as the industry's first "fully autonomous virtual" AI engineer for chip design and verification. According to the NVIDIA release, ChipStack running inside OpenShell will autonomously verify NVIDIA's own chip designs. The press release does not quantify how many of NVIDIA's verification hours ChipStack will absorb, what tasks are out of scope, or what happens to the human verification engineers whose jobs are partly replaced. It also does not say which party carries the cost of a missed bug.
For a chip of meaningful complexity, functional verification is the longest pole in the development cycle. It is also the part where a missed bug becomes a respin, a multi-million-dollar mistake measured in months, not minutes. A verification engineer who once spent six weeks chasing a corner-case race condition is exactly the person who needs to know whether the agent that replaces them signs the bug report, the EDA vendor signs it, or the chipmaker signs it. The NVIDIA announcement is silent on that question.
The same gap shows up across the rest of the partner list. Siemens is bringing a Fuse EDA AI Agent into the same NemoClaw blueprint, according to the Digital Applied GTC 2026 recap. Synopsys is building on the same OpenShell runtime. CrowdStrike and Palantir are running long-running security and decision agents on the stack. Every one of those domains (chip verification, factory simulation, security operations, intelligence analysis) has the same shape. The agent is allowed to take consequential action. The blast radius of a wrong action is large. The organization that absorbs the loss is undefined.
This is not an accident of phrasing. It is the open question the agent industry has not answered.
Some accountability has begun to crystallize elsewhere in the AI stack. Model vendors publish model cards. Cloud providers sign business associate agreements under HIPAA. SaaS vendors sell SLAs. None of those instruments cover an autonomous agent that reads a private repository, calls a tool that mutates a database, and ships a result to production over the course of hours. The closest analogue is the early-cloud debate about who was on the hook for a misconfigured S3 bucket. That debate ran for almost a decade before auditors, regulators, and customers settled on shared-responsibility models. The agent version of that debate is just starting.
NVIDIA's OpenShell is the company's answer to the policy half of the question. It governs what the agent can see and do. It does not, by itself, allocate liability. The press release uses words like "secure," "policy," and "privacy-aware." It does not name a contract, a warranty, an indemnification clause, or an insurance product. For an enterprise buyer, that is the missing row in the matrix.
A defensible trust chain for a long-running agent probably needs at least four named roles. The model vendor (here, NVIDIA) warrants the model's behavior inside a documented distribution. The runtime vendor (OpenShell) warrants that the policy it enforces was actually enforced. The integrator (Cadence, Siemens, Synopsys, or whoever shipped the agent harness) warrants the specific workflow. And the customer signs the residual risk: the part that no warranty covers, and that an insurer or a regulator will eventually have to price. None of those four roles appear in the NVIDIA announcement with an attached name, a contract, or a price.
That is the work the industry has to do before these agents ship at the cadence NVIDIA is selling. The technology for long-running agents is now real, and the platforms are now integrated. The trust stack is not.
What to watch next. The first consequential question is whether Cadence, Synopsys, or Siemens publishes a contract for ChipStack or its equivalents that names a warranty, a cap on damages, and an indemnification clause. The second is whether OpenClaw, OpenHands, or one of the open-agent harness projects grows an audit log that regulators and customers can use to reconstruct what an agent did and why. The third is whether an early incident (a missed bug in a chip that ships, a security agent that breaks a production system, a verification agent that rubber-stamps a flawed design) produces a public postmortem, the way the early cloud outages did. The history of cloud computing suggests that the first high-profile agent failure will set the language the rest of the industry uses for the next decade.
NVIDIA has put a working autonomous agent into the most demanding verification loop in commercial computing, on its own silicon, using its own models and runtime. That is the right move. The next move belongs to the rest of the industry: building the trust layer that the press release did not.