Hugging Face Adds Trusted AI Kernel Infrastructure Hugging Face introduced a new Kernels update on July 6, adding a dedicated Hub repository type, trusted publisher gating, code signing via Sigstore, and enhanced provenance metadata to make custom AI kernels a safer, more discoverable infrastructure layer. The move addresses security risks from kernels running with full Python process privileges, enabling teams to verify compatibility and trust before deploying third-party kernels in production AI stacks. Hugging Face is turning custom AI kernels into a more discoverable and safer infrastructure layer, not just scattered native-code packages. The July 6 Kernels update adds a dedicated Hub repository type for kernels, trusted kernel publishers, preliminary code signing, stronger provenance metadata, and cleaner CLIs for building and loading optimized kernels. For practitioners, the useful shift is governance around performance code: kernels can speed up model workloads, but they also run with the same privileges as the Python process that loads them. Hugging Face is responding with publisher gating, Sigstore-based signing support, reproducible build practices, and metadata that makes accelerator and backend compatibility easier to inspect before teams put third-party kernels into production AI stacks.