Nvidia said there are no backdoors or kill switches in its chips, denying an accusation from the Chinese government. The company also urged policymakers to reject proposals for backdoors and kill switches.
"There are no back doors in NVIDIA chips. No kill switches. No spyware. That's not how trustworthy systems are built—and never will be," Nvidia Chief Security Officer David Reber Jr. wrote in a blog post yesterday.
The Cyberspace Administration of China last week said it held a meeting with Nvidia over "serious security issues" in the company's chips and claimed that US AI experts "revealed that Nvidia's computing chips have location tracking and can remotely shut down the technology."
The accusation is related to the H20 chip Nvidia made for the Chinese market to comply with US export restrictions. US lawmakers are meanwhile considering a Chip Security Act that would require exported chips to be built with "location verification." The bill also calls for an assessment of mechanisms to stop unauthorized use—a proposal that critics say could lead to a "kill switch" like the kind that Nvidia wants to prevent.
The office of Sen. Tom Cotton (R-Ark.) said the purpose of the legislation is to "prevent advanced American chips from falling into the hands of adversaries like Communist China by improving oversight of advanced chips." The White House's AI Action Plan similarly calls on government agencies and chipmakers to "explore leveraging new and existing location verification features on advanced AI compute to ensure that the chips are not in countries of concern."
Nvidia denied China's accusation last week, telling media outlets that it "does not have 'backdoors' in our chips that would give anyone a remote way to access or control them." The new blog post expanded on the company's denial and argued that governments should not demand backdoors.
Nvidia: Kill switch an “open invitation for disaster”
The post seems to be at least partly a plea to the US government, given the location-tracking proposal and the long history of US officials arguing that tech products should have backdoors allowing government access to encrypted systems.
"To mitigate the risk of misuse, some pundits and policymakers propose requiring hardware 'kill switches' or built-in controls that can remotely disable GPUs without user knowledge and consent," Reber Jr. wrote. "Some suspect they might already exist. Nvidia GPUs do not and should not have kill switches and backdoors."
Reber Jr. wrote that backdoors and kill switches in chips "would be a gift to hackers and hostile actors. It would undermine global digital infrastructure and fracture trust in US technology. Established law wisely requires companies to fix vulnerabilities—not create them."
A kill switch in a chip would be "a permanent flaw beyond user control, and an open invitation for disaster," he wrote. "It's like buying a car where the dealership keeps a remote control for the parking brake—just in case they decide you shouldn't be driving." Requiring kill switches would be "an overreaction that would irreparably harm America's economic and national security interests," he wrote.
“No such thing as a ‘good’ secret backdoor”
Nvidia's argument is similar to what many security experts have said over the years about it being impossible to limit access to a backdoor once one has been installed. "There is no such thing as a 'good' secret backdoor—only dangerous vulnerabilities that need to be eliminated," Reber Jr. wrote. "Product security must always be done the right way: through rigorous internal testing, independent validation and full compliance with global cybersecurity standards."
Reber Jr. brought up an example from the Clinton administration: The National Security Agency's Clipper Chip initiative, which was abandoned. Reber Jr. wrote:
The cybersecurity community learned these lessons the hard way during the 1990s with the NSA's Clipper Chip initiative. Introduced in 1993, the Clipper Chip was designed to provide strong encryption while maintaining government backdoor access through a key escrow system.
The Clipper Chip represented everything wrong with built-in backdoors. Security researchers discovered fundamental flaws in the system that could allow malicious parties to tamper with the software. It created centralized vulnerabilities that could be exploited by adversaries. The mere existence of government backdoors undermined user confidence in the security of systems.
Kill switches and built-in backdoors create single points of failure and violate the fundamental principles of cybersecurity.
Reber Jr. said that backdoors in Nvidia chips would disrupt the company's layered security system, which he said has multiple safeguards to ensure that "no single-point vulnerability can compromise or shut down a system. For decades, that's how NVIDIA and American industry have promoted innovation while protecting users and growing the economy. This is no time to depart from that winning formula."
I tested Grok’s Valentine sex chatbot and it (mostly) behaved