Massive chipmaker NVIDIA has taken a firm stance against adding backdoors and kill switches in its chips, even as some US lawmakers push for such embedded tracking features, and Chinese authorities allege these built-in controls are already in place.
“NVIDIA GPUs do not and should not have kill switches and backdoors,” wrote NVIDIA Chief Security Officer David Reber Jr. in an Aug. 5 blog post.
The generative AI boom catapulted NVIDIA to a market value of $4 trillion, making it one of the most valuable companies in the world.
Who started the conversation about backdoors in NVIDIA chips?
The debate over backdoors and tracking technologies escalated after the perceived political power wielded by chipmakers who sell to both Chinese and US markets. NVIDIA’s advanced chips have long been restricted to prevent Chinese companies from piggybacking on US-made tech. NVIDIA makes the relatively low-powered H20 chip specifically to comply with US laws while serving the market in China.
In May, a group of bipartisan US lawmakers proposed that AI chipmakers, including NVIDIA, put tracking technology into their products to verify their locations before export. In July, a Chinese agency alleged there were already backdoors in the H20 chips.
“There is no such thing as a ‘good’ secret backdoor”
“Embedding backdoors and kill switches into chips would be a gift to hackers and hostile actors,” Reber wrote. “It would undermine global digital infrastructure and fracture trust in U.S. technology. Established law wisely requires companies to fix vulnerabilities — not create them.”
He cited NVIDIA’s history of promptly patching GPU vulnerabilities and reaffirmed the company’s security philosophy: fix issues, don’t embed weaknesses.
“There is no such thing as a ‘good’ secret backdoor — only dangerous vulnerabilities that need to be eliminated,” he said.
Backdoors vs. consumer-controlled features
Reber compared backdoors with consumer-controlled tools like “find my phone” and “remote wipe,” stating these are transparent technologies where the user is aware of their presence. He argued these do not equate to hardware backdoors, as they operate at the customer’s discretion, not hidden or exploitable by external actors.
“Governments have many tools to protect nations, consumers and the economy,” Reber said. “Deliberately weakening critical infrastructure should never be one of them.”
Read our coverage of a recently patched attack chain in NVIDIA’s Triton Inference Server that could allow remote attackers to gain full control.
