Nvidia says its AI chips don't have a 'kill switch' after Chinese accusation

Nvidia on Tuesday rejected Chinese accusations that its data center GPUs for artificial intelligence include a hardware function that could remotely deactivate the chips, which is commonly called a "kill switch."

"NVIDIA GPUs do not and should not have kill switches and backdoors," wrote Nvidia's Chief Security Officer David Reber in a blog post on Tuesday.

The blog post comes after the Cyberspace Administration of China said last week that it needed Nvidia to provide documents about what it called security vulnerabilities in the H20, Nvidia's data center AI chip intended for the Chinese market. The regulator specifically mentioned "backdoor" security risks, according to the New York Times.

The statement is an example of how Nvidia is navigating geopolitical conflict as its AI chips remain in high demand by countries and companies around the world. U.S. lawmakers have proposed legislation that would require AI chips under export regulations to be equipped with location-tracking systems.

The U.S. has placed export controls on some Nvidia chips to China because of national security reasons, saying that the country could use the chips to gain an advantage in AI or for military purposes.

Nvidia CEO Jensen Huang has argued that it is better for the U.S. if Nvidia's chips become the global standard for AI computers, especially among Chinese developers.

The H20 generates billions in revenue per quarter for Nvidia in sales, although the company does not typically break out its revenue specifically. The chip was briefly banned from export to China in April.

The company said its guidance would have been about $8 billion higher except for lost sales from a recent export restriction on its China-bound H20 chips.

The Trump administration said in July that it would grant a waiver for the chips to resume sales.

Silicon Valley technologists and security experts generally believe that backdoors — when a device has a hidden function that would allow a government or attacker to secretly take data from a computer or otherwise control it — are untenable in products.

Apple, in particular, has publicly fought off government requests for what it calls "backdoors" in the past as well.

Nvidia declined to comment further on its blog post.

Reber argued in the blog post that secret backdoors are dangerous vulnerabilities that could be used by hackers, not just officials, and that they "violate the fundamental principles of cybersecurity."

He also said that if a kill switch or backdoor were to be put in products like Nvidia GPUs, that they would harm U.S. national security interests.

"Hardwiring a kill switch into a chip is something entirely different: a permanent flaw beyond user control, and an open invitation for disaster," Reber wrote. "It's like buying a car where the dealership keeps a remote control for the parking brake — just in case they decide you shouldn't be driving."