Nvidia Says Its AI Chips Don’t Have A "Kill Switch" After Chinese Accusation

Nvidia on Tuesday rejected Chinese accusations that its data center GPUs for artificial intelligence include a hardware function that could remotely deactivate the chips, which is commonly called a “kill switch.”

“NVIDIA GPUs do not and should not have kill switches and backdoors,” wrote Nvidia’s Chief Security Officer David Reber in a blog post on Tuesday.

The blog post comes after the Cyberspace Administration of China said last week that it needed Nvidia to provide documents about what it called security vulnerabilities in the H20, Nvidia’s data center AI chip intended for the Chinese market. The regulator specifically mentioned “backdoor” security risks, according to the New York Times.

The statement is an example of how Nvidia is navigating geopolitical conflict as its AI chips remain in high demand by countries and companies around the world. U.S. lawmakers have proposed legislation that would require AI chips under export regulations to be equipped with location-tracking systems.

The U.S. has placed export controls on some Nvidia chips to China because of national security reasons, saying that the country could use the chips to gain an advantage in AI or for military purposes.

Nvidia CEO Jensen Huang has argued that it is better for the U.S. if Nvidia’s chips become the global standard for AI computers, especially among Chinese developers.

The H20 generates billions in revenue per quarter for Nvidia in sales, although the company does not typically break out its revenue specifically. The chip was briefly banned from export to China in April.

The company said its guidance would have been about $8 billion higher except for lost sales from a recent export restriction on its China-bound H20 chips.

The Trump administration said in July that it would grant a waiver for the chips to resume sales.

Silicon Valley technologists and security experts generally believe that backdoors — when a device has a hidden function that would allow a government or attacker to secretly take data from a computer or otherwise control it — are untenable in products.

Apple, in particular, has publicly fought off government requests for what it calls “backdoors” in the past as well.

Nvidia declined to comment further on its blog post.

Reber argued in the blog post that secret backdoors are dangerous vulnerabilities that could be used by hackers, not just officials, and that they “violate the fundamental principles of cybersecurity.”

He also said that if a kill switch or backdoor were to be put in products like Nvidia GPUs, that they would harm U.S. national security interests.

“Hardwiring a kill switch into a chip is something entirely different: a permanent flaw beyond user control, and an open invitation for disaster,” Reber wrote. “It’s like buying a car where the dealership keeps a remote control for the parking brake — just in case they decide you shouldn’t be driving.”

Following is Nvidia’s Chief Security Officer David Reber’s Blog:

No Backdoors. No Kill Switches. No Spyware.

NVIDIA GPUs are at the heart of modern computing. They’re used across industries — from healthcare and finance to scientific research, autonomous systems and AI infrastructure. NVIDIA GPUs are embedded into CT scanners and MRI machines, DNA sequencers, air-traffic radar tracking systems, city traffic-management systems, self-driving cars, supercomputers, TV broadcasting systems, casino machines and game consoles.

To mitigate the risk of misuse, some pundits and policymakers propose requiring hardware “kill switches” or built-in controls that can remotely disable GPUs without user knowledge and consent. Some suspect they might already exist.

NVIDIA GPUs do not and should not have kill switches and backdoors.

Hard-Coded, Single-Point Controls Are Always a Bad Idea

NVIDIA has been designing processors for over 30 years. Embedding backdoors and kill switches into chips would be a gift to hackers and hostile actors. It would undermine global digital infrastructure and fracture trust in U.S. technology. Established law wisely requires companies to fix vulnerabilities — not create them.

Until recently, that policy was universally held and beyond question. When security researchers discovered vulnerabilities such as “Spectre” and “Meltdown” for CPUs, governments and industry responded with speed and unity to eliminate the risk.

That principle still holds. There is no such thing as a “good” secret backdoor — only dangerous vulnerabilities that need to be eliminated. Product security must always be done the right way: through rigorous internal testing, independent validation and full compliance with global cybersecurity standards. Robust security is built on the principle of “defense in depth”: layering multiple safeguards so that no single-point vulnerability can compromise or shut down a system. For decades, that’s how NVIDIA and American industry have promoted innovation while protecting users and growing the economy. This is no time to depart from that winning formula.

Historical Lessons: The Clipper Chip Debacle — a Policy and Technical Failure

The cybersecurity community learned these lessons the hard way during the 1990s with the NSA’s Clipper Chip initiative. Introduced in 1993, the Clipper Chip was designed to provide strong encryption while maintaining government backdoor access through a key escrow system.

The Clipper Chip represented everything wrong with built-in backdoors. Security researchers discovered fundamental flaws in the system that could allow malicious parties to tamper with the software. It created centralized vulnerabilities that could be exploited by adversaries. The mere existence of government backdoors undermined user confidence in the security of systems.

Kill switches and built-in backdoors create single points of failure and violate the fundamental principles of cybersecurity.

Promote Smart Software Tools, Not Dangerous Hardware Traps

Some point to smartphone features like “find my phone” or “remote wipe” as models for a GPU kill switch. That comparison doesn’t hold water — optional software features, controlled by the user, are not hardware backdoors.

NVIDIA has always supported open, transparent software that helps customers get the most from their GPU-powered systems — diagnostics, performance monitoring, bug reporting and timely patching — with the user’s knowledge and consent. That’s responsible, secure computing. It helps our customers excel, and industry stay ahead.

Hardwiring a kill switch into a chip is something entirely different: a permanent flaw beyond user control, and an open invitation for disaster. It’s like buying a car where the dealership keeps a remote control for the parking brake — just in case they decide you shouldn’t be driving. That’s not sound policy. It’s an overreaction that would irreparably harm America’s economic and national security interests.

Hardware Integrity Should Be Nonpartisan and Nonnegotiable

For decades, policymakers have championed industry’s efforts to create secure, trustworthy hardware. Governments have many tools to protect nations, consumers and the economy. Deliberately weakening critical infrastructure should never be one of them.

There are no back doors in NVIDIA chips. No kill switches. No spyware. That’s not how trustworthy systems are built — and never will be.