New Rowhammer attack silently corrupts AI models on GDDR6 Nvidia cards — 'GPUHammer' attack drops AI accuracy from 80% to 0.1% on RTX A6000

A group of researchers has discovered a new attack called GPUHammer that can flip bits in the memory of NVIDIA GPUs, quietly corrupting AI models and causing serious damage, without ever touching the actual code or data input. Fortunately, Nvidia is already ahead of the bad actors and has put out guidelines on how to mitigate the risk involved in this situation. Regardless, if you’re using a card with GDDR6 memory, this is worth paying attention to

The team behind the discovery, from the University of Toronto, showed how the attack could drop an AI model’s accuracy from 80% to under 1%—just by flipping a single bit in memory. It’s not just theoretical either, as they ran it on a real NVIDIA RTX A6000, using a technique that repeatedly hammers memory cells until one nearby flips, messing with whatever’s stored there.

What exactly is GPUHammer?

GPUHammer is a GPU-focused version of a known hardware issue called Rowhammer. It’s been around for a while in the world of CPUs and RAM. Basically, modern memory chips are so tightly packed that repeatedly reading or writing one row can cause electrical interference that flips bits in nearby rows. That flipped bit could be anything—a number, a command, or part of a neural network’s weight—and that’s where things go wrong.

Until now, this was mostly a concern for DDR4 system memory, but GPUHammer proves it can happen on GDDR6 VRAM too, which is what powers many modern NVIDIA cards, especially in AI and workstation workloads. This is a serious cause for concern, at least in specific situations. The researchers showed that even with some safeguards in place, they could cause multiple bit flips across several memory banks. In one case, this completely broke a trained AI model, making it essentially useless. The scary part is that it doesn’t require access to your data. The attacker just needs to share the same GPU in a cloud environment or server, and they could potentially interfere with your workload however they want.

As mentioned, the attack was tested on an RTX A6000, but the risk applies to a wide range of Ampere, Ada, Hopper, and Turing GPUs, especially those used in workstations and servers. NVIDIA has published a full list of affected models and recommends ECC for most of them. That said, newer GPUs like the RTX 5090 and H100 have built-in ECC directly on the chip, which handles this automatically—no user setup required.

However, if you're someone just sitting at home worried about their personal setup, this isn’t the kind of attack you’d see targeting individual gamers or home PCs. It’s more relevant to shared GPU environments like cloud gaming servers, AI training clusters, or VDI setups where multiple users run workloads on the same hardware. That being said, the core idea that memory on a GPU can be tampered with silently is something the entire industry needs to take seriously, especially as more games, apps, and services start leaning on AI.

Nvidia's Response

NVIDIA has responded with a simple but important recommendation: turn on ECC (Error Correction Code) if your GPU supports it. ECC is a feature that adds redundancy to memory so it can detect and fix errors like these bit flips. Keep in mind, enabling ECC does come with a small trade-off—around 10% slower performance for machine learning tasks, and about 6–6.5% less usable VRAM. But for serious AI work with peace of mind, that’s worth it.

You can enable it using Nvidia's command-line tool:

You can also check if ECC is active with:

Attacks like GPUHammer don’t just crash systems or cause glitches. They tamper with the integrity of AI itself, affecting how models behave or make decisions. And because it all happens at the hardware level, these changes are nearly invisible unless you know exactly what to look for. In regulated industries like healthcare, finance, or autonomous driving, that could cause serious problems—wrong decisions, security failures, even legal consequences. Even though the average user isn’t directly at risk, GPUHammer is a wake-up call. As GPUs continue to evolve beyond gaming into AI, creative work, and productivity, so do the risks. Memory safety, even on a GPU, is no longer optional.

Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.