Hugging Face announced that Safetensors, its open-source serialization format for machine learning models, is joining the PyTorch Foundation. The move will integrate Safetensors more deeply into the PyTorch ecosystem, making it an official part of the foundation's portfolio of projects. This transition marks a significant step in standardizing how AI models are stored and shared across the industry.
Safetensors was developed to address critical security and performance issues with traditional model serialization formats like pickle, which can execute arbitrary code when loading models and pose security risks. The format provides a safer alternative by using a simple, auditable structure that prevents code execution vulnerabilities while also offering faster loading times and better memory efficiency. Since its introduction, Safetensors has been widely adopted across major AI platforms and has become the default format for many model repositories on Hugging Face Hub.
The integration into the PyTorch Foundation will likely accelerate Safetensors adoption across the broader AI development community and establish it as an industry standard. Developers can expect improved tooling, better documentation, and tighter integration with PyTorch workflows, while users will benefit from enhanced security when downloading and using AI models from various sources.