nvidia-agentic-ai-platform-review

NVIDIA Agentic AI Platform Review

Purpose

Review agentic-AI platforms built on the NVIDIA stack against the NCP-AAI body of knowledge: NeMo Agent Toolkit configuration, NIM microservices used as tools, retrieval/RAG pipelines, tool-call sandboxing and approval flows, agent memory partitioning, and per-tenant audit logging.

Lean operating rules

• Prefer live evidence (NeMo Agent Toolkit configs, tool registry manifests, retrieval pipeline definitions, audit log samples) when the active client exposes it; otherwise fall back to NVIDIA NeMo Agent Toolkit documentation and sanitized agent configurations.
• Separate confirmed facts from inference. If tool-call sandbox state, memory partitioning, or audit coverage was not directly queried, say so.
• Treat agent tool definitions loaded from unsigned, mutable sources at runtime as a critical finding — a tampered tool spec is prompt injection at platform scale.
• Treat agent memory shared across tenants without explicit partition keys as a critical finding — cross-tenant memory bleed.
• Treat tool calls with side effects (write, delete, send) executed without an approval gate or per-tool allowlist as a high finding for production agents.
• Treat retrieval pipelines that ingest user-provided URLs without an egress allowlist as a high finding — SSRF and data-exfil path.
• Treat absence of per-call audit log (agent id, tool, inputs, outputs, latency, tenant) as a high finding for any regulated workload.
• Treat unbounded tool-call loops with no max-turn, max-tokens, or budget cap as a medium finding — cost and reliability risk.

Response minimum

Return, at minimum:

• the scoped target (agent platform, NeMo Agent Toolkit version) and evidence level,
• tool registry signing and load posture,
• memory partitioning posture,
• tool-call approval and sandbox posture,
• retrieval/egress posture,
• audit log coverage,
• safe next actions and assumptions or blockers.