Safetensors is welcomed into the PyTorch Foundation to secure model distribution and build trusted agentic solutions
PARIS, April 8, 2026 /PRNewswire/ — PyTorch Conference EU – The PyTorch Foundation, a community-driven hub for open source AI under the Linux Foundation, today announced that Safetensors has joined the Foundation as its newest foundation-hosted project alongside DeepSpeed, Helion, PyTorch, Ray, and vLLM. Safetensors’ contribution by Hugging Face prevents arbitrary code execution risks and enhances model performance across multi-GPU and multi-node deployments, addressing growing technical needs of the AI era.
As AI model development accelerates, security risks in the production pipeline inherently increase, necessitating secure, high-performance formats that can keep pace with deployment. Safetensors joining the Foundation minimizes security risks associated with model architectures and execution, providing developers with a trusted path to production.
“Safetensors’ contribution to the PyTorch Foundation is an important step towards scaling production-grade AI models,” said Mark Collier, Executive Director of the PyTorch Foundation. “Safetensors ensures secure model distribution and de-risks code execution, all while offering significant speed across complex computing architectures. For security, Safetensors is a crucial piece of the open source AI stack that will drive fast, secure, and technically advanced AI.”
Developed and maintained by Hugging Face, Safetensors has become one of the most widely adopted tensor serialization formats in the open source (machine learning) ML ecosystem. In previous pickle formats, opportunities existed for developers, or bad actors, to execute arbitrary, untrusted code within model files when shared. Acting as a table of contents for an AI model’s data, Safetensors prevents arbitrary code execution and is now one of the most widely used metadata formats for model distribution.
Developers and contributors interested in participating in the PyTorch project ecosystem are encouraged to join the community onsite at upcoming events like PyTorch Conference China (Shanghai, September 8-9) and PyTorch Conference North America (San Jose, October 20-21).
Supporting Quotes
Safetensors joining the PyTorch Foundation is an important step towards using a safe serialization format everywhere by default.
The new ecosystem and exposure the library will gain from this move will solidify its security guarantees and usability. Safetensors is a well-established project, adopted by the ecosystem at large, but we’re still convinced we’re at the very beginning of its lifecycle: the coming months will see significant growth, and we couldn’t think of a better home for that next chapter than the PyTorch Foundation.
– Luc Georges, Co-Maintainer, Safetensors & Lysandre Debut, Chief Open Source Officer, Hugging Face
“Safetensors joining the PyTorch Foundation promises safer, more interoperable packaging for model artifacts. The project has become a de facto standard for open-weight model distribution by halting risk associated with arbitrary code execution while also supporting fast, practical loading workflows. Together with Helion, these contributions to the Foundation solidify the technical future for open source AI.”
– Matt White, Global CTO of AI at the Linux Foundation and CTO of the PyTorch Foundation
About the PyTorch Foundation
The PyTorch Foundation is a community-driven hub supporting the open source PyTorch framework and a broader portfolio of innovative open source AI projects, including DeepSpeed, Helion, PyTorch, Ray, Safetensors, and vLLM. Hosted by the Linux Foundation, the PyTorch Foundation provides a vendor-neutral, trusted home for collaboration across the AI lifecycle—from model training and inference, to domain-specific applications. Through open governance, strategic support, and a global contributor community, the PyTorch Foundation empowers developers, researchers, and enterprises to build and deploy AI at scale. Learn more at https://pytorch.org/foundation.
About the Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, LF Decentralized Trust, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
Media Contact
Grace Lucier
The Linux Foundation
pr@linuxfoundation.org
View original content to download multimedia:https://www.prnewswire.com/news-releases/pytorch-foundation-announces-safetensors-as-newest-contributed-project-to-secure-ai-model-execution-302736068.html
SOURCE PyTorch Foundation
