Nvidia warns of 'disaster' from chip kill switches, denies China's claims

Nvidia has issued a stark warning against embedding “kill switches” or “backdoors” in its advanced chips, asserting that such features would invite disaster and fundamentally undermine global digital infrastructure. This strong stance comes amidst accusations from China regarding security vulnerabilities in Nvidia chips and ongoing discussions in the U.S. about potential legislative requirements for location verification and remote disabling mechanisms in exported semiconductors.

The Cyberspace Administration of China recently claimed that it met with Nvidia over “serious security issues,” alleging that U.S. AI experts had “revealed that Nvidia’s computing chips have location tracking and can remotely shut down the technology.” This accusation specifically targets the H20 chip, a variant Nvidia developed for the Chinese market to comply with U.S. export restrictions designed to limit China’s access to advanced AI capabilities. Nvidia swiftly denied these claims, stating unequivocally that its chips contain no backdoors or kill switches that would allow remote access or control.

Concurrently, U.S. lawmakers are considering the “Chip Security Act,” a proposed bill that would mandate “location verification” for exported chips and explore methods to prevent unauthorized use. While proponents, including the office of Sen. Tom Cotton, argue this legislation is crucial to prevent advanced American chips from falling into the hands of adversaries, critics caution that such provisions could effectively introduce the very “kill switches” Nvidia is fighting against. The White House’s AI Action Plan echoes a similar sentiment, urging government agencies and chipmakers to investigate leveraging existing or new location verification features to ensure chips do not end up in “countries of concern.”

David Reber Jr., Nvidia’s Chief Security Officer, elaborated on the company’s position in a recent blog post, emphasizing that trustworthy systems are not built with hidden access points or remote disabling capabilities. He contended that requiring such features would be “a gift to hackers and hostile actors,” leading to a fragmentation of trust in U.S. technology. Reber Jr. likened a kill switch in a chip to a car dealership retaining remote control over a vehicle’s parking brake, describing it as a “permanent flaw beyond user control” and “an open invitation for disaster.” He argued that established law wisely compels companies to fix vulnerabilities, not intentionally create them, and that mandating kill switches would be an overreaction with irreparable harm to America’s economic and national security interests.

Nvidia’s argument aligns with a long-held consensus among cybersecurity experts: there is no such thing as a “good” secret backdoor, only dangerous vulnerabilities waiting to be exploited. Reber Jr. invoked the historical example of the National Security Agency’s Clipper Chip initiative from the 1990s, an attempt to build strong encryption with a government backdoor through a key escrow system. That project was ultimately abandoned after security researchers exposed fundamental flaws that could be exploited by malicious parties, demonstrating how centralized vulnerabilities undermine user confidence and system security.

According to Reber Jr., introducing backdoors or kill switches would disrupt Nvidia’s layered security architecture, which is designed with multiple safeguards to prevent single points of failure. He stressed that this approach has long fostered innovation and protected users, contributing to economic growth, and asserted that it is not the time to deviate from this successful formula. The company maintains that true product security stems from rigorous internal testing, independent validation, and strict adherence to global cybersecurity standards.