What you need to know

  • Project Arc is a desktop agent, not a chatbot. ServiceNow and NVIDIA announced it at Knowledge 2026 as a long-running, self-evolving autonomous agent for knowledge workers — developers, IT teams and administrators — that reportedly thinks, writes code, executes and adapts across enterprise tools without pre-built workflows.
  • Governance is the headline, not the model. Arc is secured by NVIDIA's OpenShell runtime — an open-source, sandboxed, policy-governed execution environment — and governed by ServiceNow AI Control Tower, which logs file access, command execution and API calls.
  • Open weights are in the stack. NVIDIA's Nemotron open models are offered as building blocks, with NVIDIA reporting that Nemotron 3 Super leads open-weight models on its EnterpriseOps-Gym benchmark.
  • It is an early preview. The autonomy claims are vendor-stated and largely unproven at scale. Treat "self-evolving" and "always-on" as direction of travel, not shipped guarantees.

If you build with AI for a living in Bengaluru, Pune, London or Manchester, the interesting part of this announcement is not the demo. It is the architecture around the demo: a permission layer, an audit trail and an open-weight model you can inspect. That combination is what enterprise buyers in regulated sectors have been waiting for, and it reshapes what "shipping an agent" means for the next two years.

From chat assistant to persistent agent

The first wave of enterprise AI was request-response. A user asks, the assistant answers, the session ends, and nothing persists but a chat log. Project Arc represents the second wave: an agent that stays resident on the desktop, holds a long-horizon task in view, accesses the local filesystem, terminals and installed applications, and — reportedly — learns from the workflows it observes rather than resetting every turn.

That is a genuinely different engineering problem. A chat assistant that hallucinates gives you a wrong sentence. A persistent agent that hallucinates runs a wrong command. The blast radius moves from text to actions, which is exactly why the OpenShell-plus-Control-Tower framing matters more than any benchmark number. The table below sets out the shift as builders will experience it.

Dimension Chat assistant Persistent desktop agent (Project Arc-style)
Lifespan Single session, stateless Long-running, resident, carries task state
Surface it touches A text box Local files, terminals, apps, enterprise systems
Failure mode Wrong answer Wrong action, potentially irreversible
What contains it Content filters Sandboxed runtime + explicit permissions
What you must log Prompts and completions Every file access, command and API call
Skill that matters most Prompt design Eval, tool design, observability

Sierra and others have been building agent infrastructure for exactly this transition — see our earlier note on Sierra's raise for enterprise agent infrastructure. Project Arc is the same thesis with two of the largest enterprise vendors behind it, which means the pattern is now a procurement conversation, not a research curiosity.

Why runtime security and governance are the story

OpenShell is described as an open-source secure runtime for developing and deploying autonomous agents in sandboxed, policy-governed environments. In plain terms: enterprises define what the agent is allowed to touch, which tools it can call, and where each action is contained. ServiceNow AI Control Tower sits above it, monitoring behaviour in real time and keeping a complete audit trail across the agent's lifecycle. NVIDIA's Kari Briski framed the point directly — delivering long-running autonomous agents securely at scale requires governance that spans models, software and infrastructure.

For builders in our two markets, this is where the regulatory picture becomes concrete rather than abstract. An always-on agent that reads local files and calls APIs is, by definition, processing data continuously. Under India's Digital Personal Data Protection Act, that raises questions of purpose limitation and consent for any personal data the agent touches. Under the UK GDPR and the emerging UK and EU AI governance regimes, the same agent triggers questions of data residency, human oversight and the right to an explanation of automated actions. A permission-scoped runtime with a full audit log is not a nice-to-have in that context — it is the difference between a deployable system and a compliance liability.

Watch out

"Self-evolving" and "always-on" are attractive words and unproven guarantees. An agent that learns from workflows can also learn the wrong lesson, and an agent that never sleeps has no natural checkpoint at which a human reviews its state. Before piloting anything Arc-shaped, insist on three things you can verify yourself: a default-deny permission model, an immutable action log you control, and a hard kill-switch. If a vendor cannot demonstrate all three, the autonomy is a risk you are absorbing, not a feature you are buying.

The open-Nemotron angle for builders on open weights

The quieter, more durable news for independent builders is that Nemotron is open weight. NVIDIA positions its Nemotron open models as building blocks for custom agents, and reports that Nemotron 3 Super tops open-weight models on its own EnterpriseOps-Gym benchmark — a claim worth treating as vendor-stated until independent results land. Benchmark caveats aside, open weights change what a small team can do.

If you are a four-person AI studio in Ahmedabad or Bristol, you cannot procure a bespoke governance stack from ServiceNow. But you can take an open-weight model, self-host it on your own accelerated compute, fine-tune it on your customer's domain, and inspect exactly how it behaves. That is the path to serving a regulated client who cannot send data to a third-party endpoint — a bank in Mumbai, an NHS trust in Leeds — without waiting for a hyperscaler's data-residency roadmap. The open-weight leaderboard has been moving fast this year; our roundup of the open-weight leaderboard shake-up covers where Nemotron sits against GLM, Kimi and DeepSeek.

Pro tip

Do not lead with the model. Lead with the guardrails. The scarce, sellable skill in 2026 is not "I can call an LLM" — it is "I can put a permissioned, audited, evaluable agent into a regulated environment and prove it behaves." Build a small reference agent on open weights, wrap it in a sandbox with least-privilege tool access, instrument every action, and write the evals that catch regressions. That portfolio piece is worth more to an enterprise buyer than any prompt-engineering trick.

What builders should learn now

Persistent agents reward a different skill set than the chat era did. Three areas will separate the builders who ship enterprise agents from those who ship demos.

  1. Agent evaluation. A long-horizon agent can pass every unit test and still drift over a hundred steps. You need task-level evals that replay realistic multi-step workflows and flag regressions before they reach a customer desktop. NVIDIA's own EnterpriseOps-Gym is a signal that benchmark-as-harness is becoming table stakes; treat eval design as a first-class engineering discipline, not an afterthought.
  2. Tool and permission design. The safety of an agent is mostly the design of the tools you hand it. Narrow, well-typed, least-privilege tools with explicit scopes contain failure far better than a clever prompt. Our guide to agent design patterns walks through the patterns that hold up in production.
  3. Observability. If you cannot answer "what did the agent do, when, and why" from a log, you cannot deploy it in a regulated setting. Instrument every file access, command and API call, and make the trace queryable. For the specific case of agents that drive a browser or desktop, our walkthrough of browser agents in production covers the observability traps first-hand.

None of these three skills is specific to Project Arc, and that is the point. Whether the platform that wins is ServiceNow's, a rival's, or something a builder in Pune or Bristol assembles in-house on open weights, the discipline is identical: evaluate long-horizon behaviour, hand agents least-privilege tools, and instrument everything so the trace is auditable. A builder who can show a working, evaluated, observable agent — even a small one — is demonstrating exactly the competence that governed-agent platforms are being built to require. That is a more durable investment than learning any single vendor's runtime, and it travels across the Indian and UK markets equally well, where the buyers are the same regulated banks, insurers and public bodies that will demand the audit trail before they demand the demo.

Every article here is written by a Verified Builder. Want your name on the next one?

AI Tech Connect lists AI engineers, founders and researchers across India and the UK — and the people hiring browse it to find them. Adding your profile is free.

Become a Verified Builder →

What is real, and what is not yet

It is worth being precise about the confidence level here. What is confirmed: the announcement at Knowledge 2026, the OpenShell runtime, the AI Control Tower governance layer, the Nemotron open models, the early-preview status, and the executive framing from both companies. What is not yet confirmed by independent evidence: that the agent reliably completes complex, multi-step work "without pre-built workflows" at production scale, that "self-evolving" behaviour is safe and bounded, and that the EnterpriseOps-Gym results generalise beyond NVIDIA's own evaluation.

That gap is normal for a preview, and it is precisely the gap builders get paid to close. The vendors have shipped the scaffolding — a runtime, a governance plane, an open model. The proof that a persistent desktop agent can be trusted with real permissions in a real regulated business is still being written, one careful deployment at a time. For AI builders in India and the UK, that is not a reason to wait. It is the opening.

Primary sources: the NVIDIA blog on the ServiceNow partnership and the ServiceNow newsroom release.