Hugging Face introduces kernels as a new repository type with revamped tooling and security features
The Hugging Face Hub now supports 'kernel' repositories, alongside improved security via trusted publishers and code signing, and revamped CLIs for agentic kernel development.
1 source · cross-referenced
- Hugging Face launched 'kernels' as a new repository type on the Hub to standardize packaging and distribution of custom kernels.
- Security enhancements include trusted kernel publishers and code signing using Sigstore’s cosign to prevent malicious kernel execution.
- Revamped CLIs separate kernel loading (kernels) from kernel building (kernel-builder) for clearer tooling and agent-friendly workflows.
- Support expanded to Torch Stable ABI and Apache TVM FFI, enabling cross-framework kernel development.
- Agentic kernel development is now foundational, with tools designed to scaffold, build, benchmark, and optimize kernels via agent workflows.
Hugging Face introduced a new repository type on the Hub called "kernel" to standardize how custom kernels are packaged, distributed, and consumed. This change aims to make kernels first-class citizens on the Hub, improving discoverability and enabling users to assess compatibility with accelerators, operating systems, and backend versions before use. All available kernels can now be browsed on the Hub at https://huggingface.co/kernels.
Security for kernels has been significantly enhanced through two new layers: trusted kernel publishers and code signing. Kernels execute native code with the same privileges as the Python process that loads them, creating potential for harm if malicious. To mitigate this, the kernels package will only load kernels by trusted publishers by default. Users can opt in to load kernels from non-trusted publishers using the trust_remote_code argument. Trusted publishers are organizations vetted by the community to act in good faith, and users must request to become kernel publishers via their account settings. Code signing adds another defense by requiring kernels to be signed with ephemeral private keys using Sigstore’s cosign, validated with public keys. This protects against scenarios where a trusted publisher’s Hub credentials are compromised. Kernel signing is already supported in kernel-builder and verification tools like kernels verify-signature are available, though full enforcement during kernel loading is still being tested.
The tooling around kernels has been revamped with clearer separation of concerns between the kernels library and kernel-builder. The kernels library now focuses on loading and preparing kernels for use, while kernel-builder handles building kernels. This separation streamlines the CLI experience and aligns with the rise of agentic kernel development, where agents scaffold, build, benchmark, and iteratively optimize kernels. The revamped CLIs are designed to be non-interactive and produce outputs that are easy for agents to parse programmatically.
Support for kernels has expanded to include the Torch Stable ABI, which allows kernel developers to target a specific PyTorch version or any version released after it for roughly two years. Additionally, Apache TVM FFI is now supported, providing a standardized ABI for kernels that interoperates with frameworks such as PyTorch, JAX, and CuPy. This enables kernel developers to create kernels that run across multiple frameworks, broadening their applicability.
The revamped kernels project is positioned as a foundation for agentic kernel development. The structured workflow enforced by kernel-builder, combined with backend-specific skills that capture toolchain and compilation nuances, provides agents with predictable project layouts and repeatable workflows. This setup is intended to simplify integration into agentic systems and support iterative optimization of kernels for performance on target hardware.
- Jul 5, 2026 · TechCrunch — AI
Amazon to stop accepting new Mechanical Turk customers on July 30, 2026
Trust79 - Jul 5, 2026 · GitHub
Open source system prompt and skill library turns LLMs into design collaborators
Trust79 - Jul 5, 2026 · AWS — Machine Learning Blog
AWS GovCloud (US) adds OpenAI GPT OSS and NVIDIA Nemotron models to Amazon Bedrock
Trust84