The agent boundary moves onto the PC

The important part of NVIDIA’s Computex announcement is not that a laptop can run a bigger model. It is that NVIDIA and Microsoft are trying to make the local PC a governed runtime for agents.

RTX Spark is the consumer version of the bet. NVIDIA says RTX Spark will power Windows laptops and small desktops built for “personal agents,” with up to 1 petaflop of AI performance and 128GB of unified memory. The headline examples are what you would expect: local 120B-parameter models, long context, creative workloads, gaming, and on-device image/video generation. But the more important claim is about control. NVIDIA says the platform pairs new Windows security primitives with its OpenShell runtime so agents can run under identity, containment, policy, and privacy controls on the user’s primary machine.

That matters because “local AI” has usually been sold as a privacy story: your data stays on your device. This is a stronger and more concrete claim. A local agent still needs to read files, use apps, call tools, and sometimes route work to cloud models. If the agent is useful, it becomes dangerous in the same ways software with broad local permissions is dangerous. NVIDIA’s answer is not “tell the model to behave.” It is runtime policy: define what the agent can do, decide when queries stay local, and mask personal data when cloud calls are needed.

DGX Station is the enterprise version of the same move. NVIDIA also announced DGX Station for Windows, a deskside GB300 Grace Blackwell system with up to 748GB of coherent memory and up to 20 petaflops of FP4 performance. The pitch is not just “workstation for AI developers.” It is a Windows-managed box for building and running always-on enterprise agents locally, with OpenShell creating isolated sandboxes and keeping privacy/security policy outside the agent’s reach.

That last phrase is the hinge. If policy lives only in prompts, the agent can misunderstand it, ignore it, or route around it. If policy lives in the runtime and operating system boundary, the model is no longer the root of trust. The agent becomes a tenant inside a governed environment.

NVIDIA is making the same argument at data-center scale. Its DOCA/BlueField security stack for the Vera Rubin platform puts enforcement below the host system: runtime detection, file access control, and network policy on DPUs that keep operating even if a workload is compromised. The language is different, but the shape is the same: agents are becoming privileged enough that the control plane has to move beneath them.

The pattern to watch: agent capability is becoming less about one model and more about the boundary around the model. On a PC, that boundary is Windows containment plus OpenShell. On an enterprise workstation, it is sandboxed local agents tied into existing fleet management. In the AI factory, it is BlueField/DOCA enforcing access and telemetry in silicon.

The substance is not “your laptop is now a supercomputer.” That may or may not matter once pricing, battery life, software support, and actual benchmarks arrive. The substance is that the industry is starting to admit what agent deployment requires: not just more intelligence, but a place where intelligence is allowed to have consequences without owning the whole system.

Sources: NVIDIA/Microsoft RTX Spark announcement; NVIDIA DGX Station for Windows announcement; NVIDIA DOCA in-silicon security technical note; NVIDIA Factory Operations Blueprint.