Hugging Face contributed Safetensors to the PyTorch Foundation on April 8, making the de facto standard for AI model storage a vendor-neutral, community-governed project under the Linux Foundation. The format now sits alongside PyTorch itself, DeepSpeed, vLLM, and Ray.

What Happened

Safetensors has been accepted as a foundation-hosted project under the PyTorch Foundation. The trademark, repository, and governance now belong to the Linux Foundation rather than any single company. Formal governance documentation (GOVERNANCE.md and MAINTAINERS.md) defines how the community manages the project going forward.

The core maintainers, Luc Georges and Lysandre, remain on the Technical Steering Committee. The change is structural: organizations building on Safetensors now have a stable, long-term foundation with transparent governance instead of depending on a single company's priorities.

Safetensors replaced the older pickle-based format, which could execute arbitrary code when a model file was loaded. The format uses a JSON header (hard-capped at 100MB) describing tensor metadata, followed by the raw tensor data. Because the data is contiguous and described up front, loaders can memory-map the file for zero-copy loading and read individual weights lazily without deserializing the full checkpoint.
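As an added illustration (not code from the Safetensors project), the following minimal Python reader shows why the layout is safe to parse: it enforces the 100MB header cap before reading the header, checks that every tensor's byte range is in bounds and exactly tiles the data section, and decodes one tensor straight from its offsets without touching the rest. The dtype table covers only a subset of the real format, and `build_safetensors` is a constructed helper for producing test input.

```python
import json
import math
import struct

MAX_HEADER_SIZE = 100_000_000  # the format's hard cap on the JSON header
DTYPES = {"F32": (4, "f"), "F64": (8, "d"), "I32": (4, "i"), "I64": (8, "q"), "U8": (1, "B")}

def build_safetensors(tensors, metadata=None):
    """Serialize {name: (dtype, shape, values)} into safetensors bytes (constructed test helper)."""
    header, body = {}, bytearray()
    for name, (dtype, shape, values) in tensors.items():
        start = len(body)
        body += struct.pack(f"<{len(values)}{DTYPES[dtype][1]}", *values)  # little-endian raw data
        header[name] = {"dtype": dtype, "shape": list(shape), "data_offsets": [start, len(body)]}
    if metadata:
        header["__metadata__"] = metadata  # optional free-form string-to-string map
    hdr = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hdr)) + hdr + bytes(body)

def parse_header(buf):
    """Validate the 8-byte length prefix and JSON header; return (header, offset of data section)."""
    if len(buf) < 8:
        raise ValueError("truncated: missing 8-byte header length")
    (n,) = struct.unpack_from("<Q", buf, 0)
    if n > MAX_HEADER_SIZE:  # reject before reading or allocating the header
        raise ValueError(f"header length {n} exceeds 100MB cap")
    if 8 + n > len(buf):
        raise ValueError("truncated: header longer than file")
    header = json.loads(bytes(buf[8:8 + n]).decode("utf-8"))  # plain data, no code paths
    data_len, spans = len(buf) - 8 - n, []
    for name, info in header.items():
        if name == "__metadata__":
            continue
        size, begin, end = DTYPES[info["dtype"]][0], *info["data_offsets"]
        if not 0 <= begin <= end <= data_len or end - begin != size * math.prod(info["shape"]):
            raise ValueError(f"tensor {name!r}: offsets out of bounds or inconsistent with dtype/shape")
        spans.append((begin, end))
    spans.sort()
    ends = [0] + [e for _, e in spans]
    if [b for b, _ in spans] != ends[:-1] or ends[-1] != data_len:  # contiguous, no gaps/overlap
        raise ValueError("tensor data regions do not exactly tile the data section")
    return header, 8 + n

def load_tensor(buf, name):
    """Decode one tensor straight from its byte range; other tensors are never touched."""
    header, data_start = parse_header(buf)
    info = header[name]
    size, fmt = DTYPES[info["dtype"]]
    begin, end = info["data_offsets"]
    return info["shape"], list(struct.unpack_from(f"<{(end - begin) // size}{fmt}", buf, data_start + begin))
```

With a real file, `buf` would be an `mmap` of the checkpoint, so `load_tensor` only pages in the bytes of the requested weight.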

Why It Matters for Creators

If you download and run AI models locally, whether for image generation with Stable Diffusion, text generation with open-source LLMs, or audio with voice models, you almost certainly use Safetensors files. Tens of thousands of models across the Hugging Face Hub and other platforms distribute weights in this format.

The move to a foundation means the format will not be abandoned or changed based on one company's business decisions. For creators who build workflows around local AI models, this is the kind of infrastructure stability that lets you invest in tooling without worrying about the ground shifting underneath.

Key Details

New home: PyTorch Foundation (Linux Foundation). Joins PyTorch, DeepSpeed, vLLM, and Ray.

Security: Eliminates pickle-based arbitrary code execution risk in model loading.

Performance: Zero-copy loading, lazy weight access, 100MB JSON header limit.

Adoption: Default format for tens of thousands of models across all AI modalities.

What to Do Next

No action needed for most users. Safetensors files continue to work exactly as before. If you maintain AI tools or model pipelines, check the updated governance documentation for contribution guidelines. The vendor-neutral structure makes it easier for organizations to contribute improvements and rely on the format long-term.


This story was covered by Creative AI News.