The US government announced it was rescinding the ban on NVIDIA selling H20 AI GPUs to China on July 14, 2025, and since then, the company has been scrambling to kickstart supply chains, appease international governments, and take a massive volume of orders for the specialized chips.
I covered NVIDIA needing 300,000 more H20 AI chips from TSMC to meet the newfound Chinese demand following the ban reversal, and that was on top of the stockpile of 600,000 to 700,000 H20 chips already waiting to be sold.
Despite the massive influx of orders from Chinese customers that is surely putting strain on TSMC’s production, the Chinese government has some concerns about letting a flood of new H20 chips into the country.
As reported by Bloomberg, China’s Cyberspace Administration recently requested a meeting with NVIDIA executives following NVIDIA CEO Jensen Huang’s own meetings with senior officials.
Chinese Cyberspace Administration officials were there to discuss potential security vulnerabilities baked into NVIDIA’s H20 GPUs. These concerns reportedly came about, at least partially, following comments from US authorities regarding backdoors and trackers being added to the hardware sold to foreign countries.
NVIDIA, of course, denied that its H20 chips had any sort of vulnerability, and it has since reiterated its stance in an official blog post titled “No Backdoors. No Kill Switches. No Spyware.” It’s written by David Reber Jr., NVIDIA’s Chief Security Officer.
Reber Jr. opens with a reminder that NVIDIA’s GPUs “are at the heart of modern computing,” and that they’re used in countless high-profile industries. Reber Jr. then touches on the comments made by US lawmakers regarding the use of vulnerabilities to track these GPUs.
To mitigate the risk of misuse, some pundits and policymakers propose requiring hardware “kill switches” or built-in controls that can remotely disable GPUs without user knowledge and consent. Some suspect they might already exist. NVIDIA GPUs do not and should not have kill switches and backdoors.
David Reber Jr., NVIDIA Chief Security Officer
As explained by Reber Jr., the inclusion of backdoors and other vulnerabilities would “undermine global digital infrastructure and fracture trust in U.S. technology.” Reber Jr. also points out that “established law wisely requires companies to fix vulnerabilities — not create them.”
The blog post mentions past Spectre and Meltdown exploits, which affected many modern Intel, AMD, and Qualcomm processors, allowing bad actors to access memory that should have been private. This led to the theft of passwords, browser history, photos, and more.
As Reber Jr. reminds us, “governments and industry responded with speed and unity to eliminate the risk.”
There’s no such thing as a ‘good’ vulnerability
NVIDIA cites the Clipper Chip fiasco from the ’90s as an example of why baked-in vulnerabilities are a bad idea.
The Clipper Chip, created by the NSA, arrived in 1993 with a backdoor accessible by the US government. It didn’t take long for security experts to discover several methods that could be used by bad actors to access the software running on the chip.
As NVIDIA says, “the mere existence of government backdoors undermined user confidence in the security of systems. Kill switches and built-in backdoors create single points of failure and violate the fundamental principles of cybersecurity.”
The blog post then turns to NVIDIA’s stance on open-source software.
NVIDIA has always supported open, transparent software that helps customers get the most from their GPU-powered systems — diagnostics, performance monitoring, bug reporting and timely patching — with the user’s knowledge and consent. That’s responsible, secure computing. It helps our customers excel, and industry stay ahead.
David Reber Jr., NVIDIA Chief Security Officer
You can agree or disagree with that statement regarding NVIDIA offering open-source software, but it ties into the next section. NVIDIA reiterates that “hardwiring a kill switch into a chip is something entirely different: a permanent flaw beyond user control, and an open invitation for disaster. ” Can’t disagree with that.
Reber Jr. compares a chip with a built-in vulnerability to a new car you buy that has a remote control for the parking brake in the hands of the dealership. “It’s an overreaction that would irreparably harm America’s economic and national security interests,” says NVIDIA.
The blog wraps up with one final statement: “There are no back doors in NVIDIA chips. No kill switches. No spyware. That’s not how trustworthy systems are built — and never will be.”
Setting my tinfoil hat atop my head for a moment, this sounds exactly like what a company that was putting back-door vulnerabilities into its chips would say. Especially a company that was attempting to ease concerns from one of its largest foreign customers.
We will, of course, never know what level of backdoor vulnerabilities are actually in our computing hardware — if any — and NVIDIA’s move here with this post certainly seems well-timed and necessary as it begins shipping its H20 AI GPUs to China once again.
