[defap]

But in both Apple's and Amazon's denials they claim to have already done extensive investigations.

There's a cost to damaging your credibility.

[fermienrico]

The public has a very short memory. It’s surprising how fast the credibility is damaged and repaired.

Don’t put too much emphasis on big Corp and their “credibility”.

[toss1]

and there is an even greater cost to 1) not working collegially with the NatSec agencies to maintain secrecy or plausible deniability on critical matters, and 2) destroying instantly your customers' trust in your ability to maintain their data privately, the immediate result of confirming in full the story.

As mentioned above, 1) these denials can be later parsed and opened up as necessary with significantly less reputational damage, and 2) they contain some interesting specifics that can make them strictly true but quite misleading, e.g., "Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server" might more accurately read "someone else found these..."