Secure agent workflows in GitHub Copilot with NVIDIA OpenShell | DEMSP387
Original Description
Agentic workflows in GitHub Copilot can run complex tasks with broad access to local systems. In this session, see how to enforce policy and governance for agents operating in CLI environments. You’ll walk through how NVIDIA OpenShell applies kernel-level controls, isolates agent processes, and limits permissions based on task context. Learn how to apply zero-trust principles to secure agent-driven development workflows.
Seating for this session is first-come, first-served. Add it to your schedule to plan your day and arrive early to secure a spot.
Speakers:
* Ali Golshan
* Alex Watson
Session Information:
This is one of many sessions from the Microsoft Build 2026 event. View even more sessions on-demand and learn about Microsoft Build at https://build.microsoft.com
DEMSP387 | English (US) | Developer tools & frameworks
Demo | (200) Intermediate
#MSBuild
Chapters:
00:00:00 - Deterministic policy and governance at infrastructure level
00:03:43 - Core runtime primitives: gateway, sandboxes, and policy enforcement
00:06:09 - Introduction of unique capability through policy prover technology
00:08:23 - Three privacy router use cases for managing PII and inference routing
00:11:16 - Policy enforcement and automation introduction
00:12:00 - Sandbox restart and concurrency capabilities
00:14:24 - Final results written to GitHub and sandbox cleanup
00:18:11 - Overview of OpenShell ecosystem and partnerships
00:21:07 - Explanation of dynamic agent security policy negotiation under zero trust model