{"slug": "pytorch-executorch-audit-complete", "title": "PyTorch ExecuTorch Audit Complete!", "summary": "The Open Source Technology Improvement Fund released the results of a security audit of PyTorch ExecuTorch, conducted by Trail of Bits in early 2026. The audit found 42 security findings, including 8 high-severity issues, primarily related to data validation. PyTorch maintainers have resolved the findings, and users are urged to update to the latest release.", "body_md": "The **Open Source Technology Improvement Fund** is proud to share the results of our security audit of [PyTorch ExecuTorch](https://pytorch.org/projects/executorch/). [PyTorch](https://pytorch.org/) is a popular open source deep learning library, with multiple subprojects including ExecuTorch. ExecuTorch enables PyTorch on-device inference capabilities across mobile and edge devices. Thanks to [Trail of Bits](https://trailofbits.com/) and [Alpha-Omega](https://alpha-omega.dev/), this project underwent a custom engagement of security review and testing.\n\n**Audit Process**:\n\nIn January and February 2026, Trail of Bits engineers executed a whitebox code audit with static and dynamic testing through automated and manual processes. This engagement focused on the security of PTE file parsing and model loading, memory safety of the C++ runtime and kernel implementations, and input validation of data deserialized from model files. Auditors additionally fuzz tested PTE (Portable Tensor Executable) file parsing and execution paths.\n\n**Audit Results**:\n\n- 42 Findings with Security Impact\n- 8 High\n- 14 Medium\n- 19 Low\n- 1 Undetermined\n\n- Future Security Development Recommendations\n- Verified Fix Review\n- Fuzz Testing Review and Development Results\n\nAuditors note in the summary that this work was scoped in size and focus. In particular, the project would benefit from a complete component review, since this audit resulted in mainly data validation findings. PyTorch maintainers worked with the audit team to resolve the findings of this report and the audit report contains fix review results of this work. Update to the most recent release of PyTorch Executorch to take advantage of the hard work done by the individuals involved. Learn more about how you can contribute to PyTorch ExecuTorch on their [webpage](https://pytorch.org/projects/executorch/#).\n\n**Thank you** to the individuals and groups that made this engagement possible:\n\n- PyTorch ExecuTorch maintainers and community, especially: Lucy Qiu, Mergen Nachin, Bilgin Cagatay, and Jacob Szwejbka\n- Trail of Bits, especially: Artur Cygan, Will Vandevanter, Fredrik Dahlgren and Emily Doucette\n- Alpha-Omega\n\nYou can read the Audit Report **HERE**\n\nEveryone around the world depends on open source software. If you’re interested in supporting this critical work, [reach out to us](https://forms.clickup.com/90132124106/f/2ky4p4ea-3833/O6UZRESBTKJLR0VB72)!", "url": "https://wpnews.pro/news/pytorch-executorch-audit-complete", "canonical_source": "https://ostif.org/pytorch-executorch-audit-complete/", "published_at": "2026-07-13 14:00:08+00:00", "updated_at": "2026-07-13 14:12:33.730941+00:00", "lang": "en", "topics": ["artificial-intelligence", "machine-learning", "ai-safety", "ai-infrastructure", "developer-tools"], "entities": ["Open Source Technology Improvement Fund", "PyTorch ExecuTorch", "PyTorch", "Trail of Bits", "Alpha-Omega", "Lucy Qiu", "Mergen Nachin", "Bilgin Cagatay"], "alternates": {"html": "https://wpnews.pro/news/pytorch-executorch-audit-complete", "markdown": "https://wpnews.pro/news/pytorch-executorch-audit-complete.md", "text": "https://wpnews.pro/news/pytorch-executorch-audit-complete.txt", "jsonld": "https://wpnews.pro/news/pytorch-executorch-audit-complete.jsonld"}}