Krux

April 10, 2026
Hugging Face Hands Safetensors to PyTorch Foundation
Published: April 10, 2026 at 12:43 AM
Updated: April 10, 2026 at 12:43 AM
What happened
Safetensors, the file format that stores model weights in a way that cannot run code when they are loaded, has become a project of the PyTorch Foundation, which sits under the Linux Foundation. Hugging Face built it to replace pickle, Python's built-in object serializer and the format behind a default PyTorch checkpoint, which can execute arbitrary code during loading. A safetensors file is a length-prefixed JSON header describing each tensor's dtype, shape and byte range, followed by the raw tensor bytes; a loader only parses JSON and copies bytes, so there is nothing in the file to execute. Think of it as the difference between opening a text file and running a random executable someone emailed you. The format has quietly become the standard for sharing open model weights. Nothing changes for users today, but the roadmap includes loading weights directly onto GPUs and better support for split-model training.
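To make that comparison concrete, the following is an added example, written for this page and not code from the article or from the safetensors project: a strict reader and writer for the safetensors layout in pure Python, next to the pickle behaviour it replaces. It assumes the documented layout (an 8-byte little-endian header length, a JSON header keyed by tensor name carrying dtype, shape and data_offsets, then the raw bytes), covers only a subset of the dtype strings, and runs on a constructed two-tensor checkpoint rather than a real model file. The hostile header and the TamperedCheckpoint class are constructed for the demonstration; the pickle payload only evaluates a harmless expression, but the mechanism is the one a malicious checkpoint relies on.

```python
import json
import math
import os
import pickle
import struct
from typing import Dict, Tuple

# Element width and struct code for the safetensors dtype strings handled here (a subset).
DTYPES = {"F64": (8, "d"), "F32": (4, "f"), "F16": (2, "e"), "BF16": (2, None),
          "I64": (8, "q"), "I32": (4, "i"), "I16": (2, "h"), "I8": (1, "b"),
          "U8": (1, "B"), "BOOL": (1, "?")}
MAX_HEADER_BYTES = 100 * 1024 * 1024  # header cap, roughly the reference reader's limit

def serialize(tensors: Dict[str, Tuple[str, list, bytes]], metadata=None) -> bytes:
    """Write the format: u64 little-endian header length, JSON header, raw tensor bytes."""
    header, body = {}, bytearray()
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": shape, "data_offsets": [len(body), len(body) + len(raw)]}
        body += raw
    if metadata is not None:
        header["__metadata__"] = metadata
    hdr = json.dumps(header, separators=(",", ":")).encode("utf-8")
    hdr += b" " * (-len(hdr) % 8)  # pad to an 8-byte boundary like the reference writer
    return struct.pack("<Q", len(hdr)) + hdr + bytes(body)

def parse(blob: bytes) -> Dict[str, dict]:
    """Read the format strictly. Attacker-controlled bytes only ever reach json.loads
    and slicing; nothing in the file can name a function to call."""
    if len(blob) < 8:
        raise ValueError("truncated: no header length")
    n = struct.unpack("<Q", blob[:8])[0]
    if n > MAX_HEADER_BYTES or 8 + n > len(blob):
        raise ValueError("header length out of range")
    header = json.loads(blob[8:8 + n].decode("utf-8"))
    if not isinstance(header, dict):
        raise ValueError("header must be a JSON object")
    data = memoryview(blob)[8 + n:]
    spans, tensors = [], {}
    for name, info in header.items():
        if name == "__metadata__":  # free-form string map for tooling; never interpreted
            continue
        fields = info if isinstance(info, dict) else {}
        dtype, shape, offsets = fields.get("dtype"), fields.get("shape"), fields.get("data_offsets")
        if (dtype not in DTYPES or not isinstance(shape, list) or not isinstance(offsets, list)
                or len(offsets) != 2 or not all(isinstance(x, int) and x >= 0 for x in shape + offsets)):
            raise ValueError(f"{name}: malformed tensor entry")
        begin, end = offsets
        if not begin <= end <= len(data) or end - begin != math.prod(shape) * DTYPES[dtype][0]:
            raise ValueError(f"{name}: data_offsets do not fit the buffer, shape and dtype")
        spans.append((begin, end, name))
        tensors[name] = {"dtype": dtype, "shape": list(shape), "data": bytes(data[begin:end])}
    spans.sort()
    for (_, end1, name1), (begin2, _, name2) in zip(spans, spans[1:]):
        if begin2 < end1:
            raise ValueError(f"{name1} and {name2} overlap")  # two tensors aliasing one region
    return tensors

def values(tensor: dict) -> tuple:
    """Decode a parsed tensor's bytes into flat row-major Python numbers (BF16 excluded)."""
    width, code = DTYPES[tensor["dtype"]]
    return struct.unpack(f"<{len(tensor['data']) // width}{code}", tensor["data"])

def sample_blob() -> bytes:
    """Constructed sample checkpoint: a 2x3 float32 matrix and a 3-element int64 vector."""
    return serialize({
        "layer.weight": ("F32", [2, 3], struct.pack("<6f", 1, 2, 3, 4, 5, 6)),
        "layer.bias": ("I64", [3], struct.pack("<3q", -1, 0, 1)),
    }, metadata={"format": "pt"})

def hostile_offsets_blob() -> bytes:
    """Constructed hostile file: same data, but a header whose offsets reach far past the buffer."""
    blob = sample_blob()
    n = struct.unpack("<Q", blob[:8])[0]
    header = json.loads(blob[8:8 + n])
    header["layer.bias"]["data_offsets"] = [0, 1 << 40]
    hdr = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hdr)) + hdr + blob[8 + n:]

def rejects(blob: bytes) -> bool:
    try:
        parse(blob)
        return False
    except ValueError:
        return True

class TamperedCheckpoint:
    """The pickle side of the comparison: a stream may name any importable callable,
    and pickle.loads calls it with attacker-chosen arguments before returning."""
    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))

def pickle_runs_code() -> bool:
    payload = pickle.dumps(TamperedCheckpoint())  # what a tampered .pt/.bin would hold
    return pickle.loads(payload) == os.getpid()   # loading alone evaluated the expression

if __name__ == "__main__":
    print({k: values(t) for k, t in parse(sample_blob()).items()})
    print("hostile header rejected:", rejects(hostile_offsets_blob()))
    print("pickle ran code on load:", pickle_runs_code())
```

The checks in parse are the ones that matter for an untrusted file: a bounded header length, offsets that stay inside the buffer, byte lengths that agree with shape and dtype, and no overlapping regions (the reference implementation is stricter still and requires the tensor regions to be contiguous and to cover the buffer exactly). A reader that skipped them would not run attacker code, since the format has no way to name one, but it could be made to read out of bounds or to allocate absurd tensors, so a safetensors loader is still an input parser and should be treated as one.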
Why it matters
Hugging Face stays on the steering committee, but giving the format a vendor-neutral home signals that the industry sees it as critical infrastructure, not just one company's tool. One caveat for practitioners: the format closes the deserialization hole, not the question of whether a model should be trusted at all. Weights in a safetensors file can still have been trained to misbehave, and a model repository can still ship custom loading code that runs with the user's privileges, so the format is one layer of a supply-chain review, not a substitute for it.