When working with machine learning models, especially the large ones, security is a constant concern. Most developers rely on the format and its ecosystem and hope that everything works as advertised. This is where formats like safetensors become crucial. A recent independent audit has confirmed that safetensors is not only safe but also ready to be the new standard for AI model formats.
Imagine downloading a model, integrating it into your system, and unknowingly inviting malicious code. This is a tangible risk with traditional formats like PyTorch’s .pt or TensorFlow’s .pb, which can execute arbitrary code during deserialization. safetensors addresses these concerns by separating metadata from tensor values, avoiding arbitrary code execution altogether. Its philosophy is straightforward—what you load is what you get, and nothing more.
The audit, conducted by Trail of Bits, was thorough, focusing on how the safetensors format and its parser operate. Key findings include:
The results were clean, with only low-priority suggestions for documentation and fuzzing improvements.
The simplicity of safetensors is its strength. Here’s a breakdown:
This ensures no surprises or backdoors. Performance-wise, safetensors loads faster than pickle-based formats, especially with large tensors, combining safety with speed.
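To make the "what you load is what you get" point concrete, here is an added example (not code from this page or from the safetensors project) that builds a tiny safetensors file from constructed tensor bytes and parses its header with a plain JSON decode, rejecting out-of-range header lengths and tensor offsets that disagree with the declared shape and dtype. The dtype size table and the header-size cap are assumptions modelled on the published format description.

```python
import json
import struct
from math import prod

# Bytes per element for the dtype names used in a safetensors header (assumed table).
DTYPE_SIZES = {"BOOL": 1, "U8": 1, "I8": 1, "F16": 2, "BF16": 2, "I16": 2,
               "U16": 2, "F32": 4, "I32": 4, "U32": 4, "F64": 8, "I64": 8, "U64": 8}
MAX_HEADER_BYTES = 100 * 1024 * 1024  # assumed cap; refuses absurd header lengths early


def build_safetensors(tensors: dict) -> bytes:
    """Serialize {name: (dtype, shape, raw_bytes)} into the safetensors layout."""
    header, buf, cursor = {}, bytearray(), 0
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": list(shape),
                        "data_offsets": [cursor, cursor + len(raw)]}
        buf += raw
        cursor += len(raw)
    hdr = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hdr)) + hdr + bytes(buf)  # 8-byte LE length, JSON, data


def parse_header(blob: bytes) -> dict:
    """Return {name: (dtype, shape, start, end)} after validating header and offsets."""
    if len(blob) < 8:
        raise ValueError("file too short for the 8-byte header length")
    (n,) = struct.unpack("<Q", blob[:8])
    if n > MAX_HEADER_BYTES or 8 + n > len(blob):
        raise ValueError(f"header length {n} is out of bounds")
    header = json.loads(blob[8:8 + n].decode("utf-8"))  # plain JSON: no object reconstruction
    data_len = len(blob) - 8 - n
    entries = {}
    for name, info in header.items():
        if name == "__metadata__":  # free-form string map, carries no tensor data
            continue
        start, end = info["data_offsets"]
        expected = prod(info["shape"]) * DTYPE_SIZES[info["dtype"]]
        if not (0 <= start <= end <= data_len) or end - start != expected:
            raise ValueError(f"tensor {name!r}: offsets {start}-{end} disagree with shape/dtype")
        entries[name] = (info["dtype"], tuple(info["shape"]), start, end)
    # The data region must be covered exactly once: no gaps, overlaps or trailing bytes.
    cursor = 0
    for _, (_, _, start, end) in sorted(entries.items(), key=lambda kv: kv[1][2]):
        if start != cursor:
            raise ValueError(f"gap or overlap in tensor data at offset {cursor}")
        cursor = end
    if cursor != data_len:
        raise ValueError("trailing bytes after the last tensor")
    return entries
```

Because the header is decoded with json.loads, the worst a hostile file can do here is fail validation; there is no code path that reconstructs objects the way pickle does.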
For developers familiar with safetensors, the audit is a relief. For others, it’s a green light to switch. Here’s how:
For Python, installation is straightforward:

```shell
pip install safetensors
```

This provides access to safe_open for reading and save_file for writing.
Convert a PyTorch model from .pt to .safetensors:

```python
from safetensors.torch import save_file
import torch

# model.pt is expected to hold a state dict (a mapping of names to tensors)
model = torch.load("model.pt", map_location="cpu")
save_file(model, "model.safetensors")
```
Ensure your model’s state dict contains plain tensors, as custom modules or non-tensor objects won’t transfer—intentionally.
Loading is simple:

```python
from safetensors.torch import safe_open

with safe_open("model.safetensors", framework="pt") as f:
    for key in f.keys():
        tensor = f.get_tensor(key)
```
This guarantees no unexpected code execution.
Update your tools, APIs, or training pipelines to prioritize .safetensors. Major libraries such as Hugging Face Transformers already support it. Publishing models in this format signals safety and ease of use.
safetensors has proven its worth through rigorous auditing. It offers a reliable, fast, and secure alternative to pickle-based formats, delivering exactly what it promises. Its simplicity and security are its greatest assets, fostering trust and confidence among developers. The audit by Trail of Bits confirms that trust is well-placed, making safetensors a dependable choice for the future of AI model formats.