HF moves safetensors to the PyTorch Foundation
The popular safe tensor format moves to neutral Linux Foundation stewardship alongside PyTorch and vLLM.
Hugging Face has announced the official transfer of its Safetensors project to the PyTorch Foundation, which operates under the Linux Foundation. This strategic move places the popular safe tensor format—designed to prevent arbitrary code execution when loading model weights—under neutral stewardship alongside other key projects like PyTorch itself, vLLM, DeepSpeed, and Ray. The immediate practical impact for developers is minimal: the file format, APIs, and compatibility with the Hugging Face Hub remain unchanged. The core change is one of governance, with the trademark and repository now held by the Linux Foundation to foster open, community-driven development.
According to Lysandre from Hugging Face, the long-term goal is to unlock deeper optimizations across the Python/PyTorch ecosystem. By working directly with the PyTorch team, the project aims to explore integration within PyTorch core. This collaboration is expected to enable significant performance improvements, including device-aware loading for different accelerators (GPUs, TPUs), optimized loading for tensor and pipeline parallelism (tp/pp), and native support for new quantization methods and data types. Hugging Face is currently refining a multi-year roadmap for these enhancements and is inviting broader community participation to shape the future of the format.
- Safetensors trademark and repo now owned by the Linux Foundation for neutral governance
- Format and API remain fully compatible; no changes required for current users
- Roadmap targets device-aware loading, distributed training optimizations, and new quantization support
Why It Matters
The move centralizes development of a critical AI safety format, enabling deeper performance optimizations within the core PyTorch stack for faster model loading and inference.