pickle

Safetensors Security Audit Confirms Safety, Format Becoming Default on Hugging Face

Hugging Face conducted an independent security audit of the Safetensors file format, which stores model weights without executable code. The audit confirmed the format is secure against the serialization-based attacks that affect formats like pickle. Safetensors is now being adopted as the default model weight format on the Hugging Face Hub, replacing less secure alternatives.