PyTorch ExecuTorch Audit Complete! The Open Source Technology Improvement Fund released the results of a security audit of PyTorch ExecuTorch, conducted by Trail of Bits in early 2026. The audit found 42 security findings, including 8 high-severity issues, primarily related to data validation. PyTorch maintainers have resolved the findings, and users are urged to update to the latest release. The Open Source Technology Improvement Fund is proud to share the results of our security audit of PyTorch ExecuTorch https://pytorch.org/projects/executorch/ . PyTorch https://pytorch.org/ is a popular open source deep learning library, with multiple subprojects including ExecuTorch. ExecuTorch enables PyTorch on-device inference capabilities across mobile and edge devices. Thanks to Trail of Bits https://trailofbits.com/ and Alpha-Omega https://alpha-omega.dev/ , this project underwent a custom engagement of security review and testing. Audit Process : In January and February 2026, Trail of Bits engineers executed a whitebox code audit with static and dynamic testing through automated and manual processes. This engagement focused on the security of PTE file parsing and model loading, memory safety of the C++ runtime and kernel implementations, and input validation of data deserialized from model files. Auditors additionally fuzz tested PTE Portable Tensor Executable file parsing and execution paths. Audit Results : - 42 Findings with Security Impact - 8 High - 14 Medium - 19 Low - 1 Undetermined - Future Security Development Recommendations - Verified Fix Review - Fuzz Testing Review and Development Results Auditors note in the summary that this work was scoped in size and focus. In particular, the project would benefit from a complete component review, since this audit resulted in mainly data validation findings. PyTorch maintainers worked with the audit team to resolve the findings of this report and the audit report contains fix review results of this work. Update to the most recent release of PyTorch Executorch to take advantage of the hard work done by the individuals involved. Learn more about how you can contribute to PyTorch ExecuTorch on their webpage https://pytorch.org/projects/executorch/ . Thank you to the individuals and groups that made this engagement possible: - PyTorch ExecuTorch maintainers and community, especially: Lucy Qiu, Mergen Nachin, Bilgin Cagatay, and Jacob Szwejbka - Trail of Bits, especially: Artur Cygan, Will Vandevanter, Fredrik Dahlgren and Emily Doucette - Alpha-Omega You can read the Audit Report HERE Everyone around the world depends on open source software. If you’re interested in supporting this critical work, reach out to us https://forms.clickup.com/90132124106/f/2ky4p4ea-3833/O6UZRESBTKJLR0VB72