cd /news/artificial-intelligence/pytorch-executorch-audit-complete · home topics artificial-intelligence article
[ARTICLE · art-57408] src=ostif.org ↗ pub= topic=artificial-intelligence verified=true sentiment=· neutral

PyTorch ExecuTorch Audit Complete!

The Open Source Technology Improvement Fund released the results of a security audit of PyTorch ExecuTorch, conducted by Trail of Bits in early 2026. The audit found 42 security findings, including 8 high-severity issues, primarily related to data validation. PyTorch maintainers have resolved the findings, and users are urged to update to the latest release.

read2 min views1 publishedJul 13, 2026

The Open Source Technology Improvement Fund is proud to share the results of our security audit of PyTorch ExecuTorch. PyTorch is a popular open source deep learning library, with multiple subprojects including ExecuTorch. ExecuTorch enables PyTorch on-device inference capabilities across mobile and edge devices. Thanks to Trail of Bits and Alpha-Omega, this project underwent a custom engagement of security review and testing.

Audit Process:

In January and February 2026, Trail of Bits engineers executed a whitebox code audit with static and dynamic testing through automated and manual processes. This engagement focused on the security of PTE file parsing and model , memory safety of the C++ runtime and kernel implementations, and input validation of data deserialized from model files. Auditors additionally fuzz tested PTE (Portable Tensor Executable) file parsing and execution paths.

Audit Results:

  • 42 Findings with Security Impact

  • 8 High

  • 14 Medium

  • 19 Low

  • 1 Undetermined

  • Future Security Development Recommendations

  • Verified Fix Review

  • Fuzz Testing Review and Development Results

Auditors note in the summary that this work was scoped in size and focus. In particular, the project would benefit from a complete component review, since this audit resulted in mainly data validation findings. PyTorch maintainers worked with the audit team to resolve the findings of this report and the audit report contains fix review results of this work. Update to the most recent release of PyTorch Executorch to take advantage of the hard work done by the individuals involved. Learn more about how you can contribute to PyTorch ExecuTorch on their webpage.

Thank you to the individuals and groups that made this engagement possible:

  • PyTorch ExecuTorch maintainers and community, especially: Lucy Qiu, Mergen Nachin, Bilgin Cagatay, and Jacob Szwejbka

  • Trail of Bits, especially: Artur Cygan, Will Vandevanter, Fredrik Dahlgren and Emily Doucette

  • Alpha-Omega You can read the Audit Report HERE

Everyone around the world depends on open source software. If you’re interested in supporting this critical work, reach out to us!

── more in #artificial-intelligence 4 stories · sorted by recency
── more on @open source technology improvement fund 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/pytorch-executorch-a…] indexed:0 read:2min 2026-07-13 ·