[pjerem]

AI aside, hacking into the driver’s build process to inject hidden backdoors into the drivers could be a realist attack.

[Melio]

Is it realistic though?

Hacking into Nvidias corp network, infiltrating their git server, disabling security scans and then injecting a backdoor undetected in complex code?

In a process which is highly controlled due to it being a very central peace of software.

Very unrealistic.

It's easier to find or buy zero days in the wild for the same goal

[nimrody]

Well.. that's exactly what happened to Solarwinds last year, didn't it?

Actually smarter than that - they got into the build system and added the malicious code in the build process so you couldn't see it in the repository.

Do you think it's that difficult for a state sponsored body to infiltrate into a commercial company?

[Melio]

The effort my big software company does on regards of requirements of releasing software, I would say yes.

Big companies like Nvidia have background checks, independent security teams etc.

Impossible? No. But easier and cheaper is still other means.