Nvidia Denies Allegations of ‘Kill Switch’ in AI Chips, Stresses Importance of Cybersecurity Fundamentals
In a recent blog post, Nvidia’s Chief Security Officer, David Reber, refuted accusations that their data center GPUs designed for artificial intelligence include a hardware function capable of remotely deactivating the chips, often referred to as a “kill switch.”
Reber asserted that Nvidia GPUs do not and should not possess such kill switches or backdoors. This statement was issued in response to China’s Cyberspace Administration’s request last week for documentation regarding alleged security vulnerabilities in the H20, Nvidia’s data center AI chip targeted at the Chinese market. The regulator expressed concerns about potential “backdoor” security risks.
Nvidia’s stance underscores the challenges faced by tech companies in managing geopolitical conflicts as their AI chips remain sought-after globally. Proposed U.S. legislation suggests that AI chips subject to export regulations should be equipped with location-tracking systems.
The U.S. has implemented export controls on certain Nvidia chips destined for China due to national security concerns, believing that the country could exploit these chips for AI or military purposes.
Nvidia’s CEO, Jensen Huang, has advocated that it would benefit the U.S. for Nvidia’s chips to become the global standard for AI computers, especially among Chinese developers. The H20 contributes significantly to Nvidia’s quarterly revenue from sales, although the company does not typically disclose specific figures.
The chip was temporarily banned from export to China in April. Nvidia reported that its guidance would have been approximately $8 billion higher if not for lost sales due to a recent export restriction on H20 chips bound for China. The Trump administration granted a waiver in July, permitting the resumption of sales.
Silicon Valley technologists and security experts generally agree that backdoors—hidden functions that allow governments or attackers to secretly access data or control devices—are unacceptable in products. Apple, in particular, has publicly resisted government demands for such “backdoors” previously.
Nvidia declined to provide further comment on the matter beyond their blog post. In the post, Reber argued that secret backdoors represent dangerous vulnerabilities that could be exploited by hackers as well as officials, and that they contravene fundamental cybersecurity principles. He also emphasized that introducing kill switches or backdoors into products like Nvidia GPUs would negatively impact U.S. national security interests.
“Hardwiring a kill switch into a chip is something entirely different: a permanent flaw beyond user control, and an open invitation for disaster,” Reber wrote. “It’s like buying a car where the dealership keeps a remote control for the parking brake—just in case they decide you shouldn’t be driving.”