Almanac

Hugging Face Blog · 1mo ago

Safetensors Security Audit Confirms Safety, Format Becoming Default on Hugging Face

Hugging Face commissioned an independent security audit of the Safetensors file format, which stores model weights as raw tensor data described by a JSON header and contains no executable code. The audit confirmed that loading a Safetensors file never executes serialized code, so the format is not exposed to the deserialization attacks that affect pickle-based checkpoints, where the file itself can name and invoke arbitrary callables at load time. Safetensors is now being adopted as the default model weight format on the Hugging Face Hub, replacing those less secure alternatives.
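To make the contrast concrete, the following added example (written for this page, not code from Hugging Face or the safetensors project) first shows why a pickle-based checkpoint is a code-execution vector, then builds and parses a minimal Safetensors file with a strict, code-free parser. The `build_safetensors` and `parse_safetensors` helpers, the `MAX_HEADER` cap, the `DTYPE_SIZE` table and the sample tensors are all constructed for illustration; the real library's API and limits differ. The pickle payload is kept harmless (it sets an environment variable instead of spawning a shell).

```python
import json
import math
import os
import pickle
import struct

# ---- 1. The pickle problem -------------------------------------------------
# pickle is a small stack machine; its GLOBAL and REDUCE opcodes let the file
# name any importable callable and invoke it while the object graph is rebuilt.
# Loading an untrusted pickle checkpoint therefore runs whatever the file says.


class EvilCheckpoint:
    """Stand-in for a tampered model object (constructed for this demo)."""

    def __reduce__(self):
        # pickle stores this (callable, args) pair and calls it at load time.
        # Harmless here: mark an environment variable instead of running a shell.
        return (exec, ("import os; os.environ['DEMO_PICKLE_RAN'] = '1'",))


def demo_pickle_rce() -> bool:
    """Return True if merely loading the blob executed the embedded payload."""
    blob = pickle.dumps(EvilCheckpoint())  # what a hostile model.pkl carries
    os.environ.pop("DEMO_PICKLE_RAN", None)
    pickle.loads(blob)  # a plain pickle/torch.load path ends up here
    return os.environ.get("DEMO_PICKLE_RAN") == "1"


# ---- 2. safetensors: header plus raw bytes, nothing to execute ---------------
# Layout: 8-byte little-endian header length N, then N bytes of JSON giving each
# tensor's dtype, shape and [start, end) byte range, then the raw data buffer.
# Parsing is json.loads plus bounds arithmetic; no callable is ever resolved.

DTYPE_SIZE = {"BOOL": 1, "U8": 1, "I8": 1, "F16": 2, "BF16": 2, "I32": 4,
              "F32": 4, "I64": 8, "F64": 8}
MAX_HEADER = 100 * 1024 * 1024  # assumed cap so a bogus length cannot force a huge read


def build_safetensors(tensors: dict, metadata=None) -> bytes:
    """tensors: name -> (dtype, shape, raw little-endian bytes)."""
    header, data, offset = {}, bytearray(), 0
    if metadata:
        header["__metadata__"] = metadata
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": list(shape),
                        "data_offsets": [offset, offset + len(raw)]}
        data += raw
        offset += len(raw)
    hjson = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hjson)) + hjson + bytes(data)


def parse_safetensors(buf: bytes) -> dict:
    """Strict parser: name -> (dtype, shape, raw bytes), or ValueError on any inconsistency."""
    if len(buf) < 8:
        raise ValueError("file shorter than the 8-byte header length")
    (n,) = struct.unpack("<Q", buf[:8])
    if n > MAX_HEADER or 8 + n > len(buf):
        raise ValueError("header length out of bounds")
    header = json.loads(buf[8:8 + n])
    if not isinstance(header, dict):
        raise ValueError("header must be a JSON object")
    data = buf[8 + n:]
    entries = []
    for name, info in header.items():
        if name == "__metadata__":
            if not (isinstance(info, dict) and all(isinstance(k, str) and isinstance(v, str)
                                                   for k, v in info.items())):
                raise ValueError("__metadata__ must map strings to strings")
            continue
        if not isinstance(info, dict) or {"dtype", "shape", "data_offsets"} - set(info):
            raise ValueError(f"{name}: malformed entry")
        dtype, shape, (start, end) = info["dtype"], info["shape"], info["data_offsets"]
        if dtype not in DTYPE_SIZE:
            raise ValueError(f"{name}: unknown dtype {dtype!r}")
        if not (isinstance(shape, list) and all(isinstance(d, int) and d >= 0 for d in shape)):
            raise ValueError(f"{name}: bad shape")
        if not (isinstance(start, int) and isinstance(end, int) and 0 <= start <= end <= len(data)):
            raise ValueError(f"{name}: data_offsets outside the buffer")
        if end - start != math.prod(shape) * DTYPE_SIZE[dtype]:
            raise ValueError(f"{name}: byte range does not match dtype*shape")
        entries.append((start, end, name, dtype, shape))
    # Ranges must tile the data section exactly: no gaps, no overlap, no trailing bytes.
    expected = 0
    for start, end, *_ in sorted(entries):
        if start != expected:
            raise ValueError("tensor byte ranges overlap or leave a gap")
        expected = end
    if expected != len(data):
        raise ValueError("trailing bytes after the last tensor")
    return {name: (dtype, shape, data[s:e]) for s, e, name, dtype, shape in entries}


def f32_values(raw: bytes) -> list:
    return list(struct.unpack(f"<{len(raw) // 4}f", raw))


def demo_roundtrip() -> list:
    weights = struct.pack("<4f", 0.5, -1.0, 2.0, 3.25)  # constructed 2x2 F32 tensor
    blob = build_safetensors({"layer.weight": ("F32", [2, 2], weights)}, {"format": "pt"})
    return f32_values(parse_safetensors(blob)["layer.weight"][2])


def demo_tampered_rejected() -> bool:
    """A header whose offsets reach past the data must be refused, not trusted blindly."""
    blob = build_safetensors({"w": ("F32", [2], struct.pack("<2f", 1.0, 2.0))})
    (n,) = struct.unpack("<Q", blob[:8])
    hdr = json.loads(blob[8:8 + n])
    hdr["w"]["data_offsets"] = [0, 1 << 20]  # claims 1 MiB that is not in the file
    bad = json.dumps(hdr).encode("utf-8")
    tampered = struct.pack("<Q", len(bad)) + bad + blob[8 + n:]
    try:
        parse_safetensors(tampered)
        return False
    except ValueError:
        return True
```

The point of the second half is structural: every check in `parse_safetensors` is arithmetic on a JSON header, and the worst a hostile file can do is fail validation. The offset-tiling check matters in practice because a loader that memory-maps the data section and trusts the header would otherwise read out of bounds or alias two tensors onto the same bytes.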

Related events (8)

Hugging Face Blog · 1mo ago · source

Safetensors is Joining the PyTorch Foundation

The safetensors format, developed by Hugging Face as a secure and fast alternative to pickle-based model serialization, is being adopted under the PyTorch Foundation. This move formalizes safetensors as part of the broader PyTorch ecosystem, signaling growing standardization around safe model weight storage. The transition reflects increasing industry concern about supply-chain security in ML model distribution.

Hugging Face Blog · 1mo ago · source

4M Models Scanned: Protect AI + Hugging Face 6 Months In

Protect AI and Hugging Face report on six months of collaborative model security scanning, having scanned 4 million models on the Hub for malicious payloads and vulnerabilities. The partnership focuses on supply-chain security for open-weight models, detecting threats like pickle exploits and unsafe serialization formats. The post provides a retrospective on findings, scale, and tooling developed over the period.

Hugging Face Blog · 1mo ago · source

Hugging Face Teams Up with Protect AI: Enhancing Model Security for the ML Community

Hugging Face has announced a partnership with Protect AI to improve security for machine learning models hosted on the platform. The collaboration aims to address vulnerabilities in model files and supply chain risks that affect the broader ML community. Specific details about the technical implementation and scope of the security enhancements are not provided in the available content.

Hugging Face Blog · 1mo ago · source

Hugging Face and VirusTotal Collaborate to Strengthen AI Security

Hugging Face and VirusTotal have announced a collaboration aimed at improving security around AI models and artifacts hosted on the Hugging Face platform. The announcement suggests integrating VirusTotal's malware and threat detection capabilities with Hugging Face's model repository ecosystem, though the available content does not spell out the integration. It addresses growing concern about malicious code or backdoors embedded in publicly shared model weights and datasets.

Hugging Face Blog · 1mo ago · source

Hugging Face and JFrog Partner to Improve AI Model Security Transparency

Hugging Face and JFrog have announced a partnership aimed at improving security transparency for AI models hosted on the Hugging Face platform. The announcement points to integrating JFrog's software supply chain security capabilities with Hugging Face's model repository infrastructure, though the available content does not detail the mechanism. It addresses growing concern about malicious or vulnerable models being distributed through open model hubs.

Hugging Face Blog · 1mo ago · source

Hugging Face Partners with Wiz Research to Improve AI Security

Hugging Face has announced a security partnership with Wiz Research aimed at improving security practices across the AI model hosting platform. The collaboration focuses on identifying and addressing vulnerabilities in AI infrastructure and model supply chain security. This partnership reflects growing attention to security risks specific to AI platforms, including malicious model files and shared infrastructure threats.

Hugging Face Blog · 1mo ago · source

Hugging Face Partners with TruffleHog to Scan for Secrets

Hugging Face has announced a partnership with Truffle Security to integrate TruffleHog secret scanning into the Hugging Face platform. The integration aims to detect accidentally committed credentials, API keys, and other secrets in model repositories and datasets. This addresses a growing security concern as the platform hosts an increasing volume of user-uploaded artifacts.

Hugging Face Blog · 1mo ago · source

Introducing SafeCoder

Hugging Face announced SafeCoder, an enterprise-focused code assistant product designed to run on-premises or in private cloud environments. The offering targets organizations that require data privacy and security guarantees, positioning it as an alternative to cloud-based coding assistants like GitHub Copilot. SafeCoder is built on top of open-weight code models and is sold as a managed solution for enterprise deployment.