Hugging Face has significantly updated its Kernels project by introducing a new "kernel" repository type on the Hub, alongside major security enhancements including trusted publishers and code signing. These changes aim to improve discoverability and protect users from malicious kernels that execute with native code privileges.
- Trusted kernel publishers are now required by default for loading kernels; users must explicitly opt-in via `trust_remote_code` for untrusted sources.
- Code signing using Sigstore’s cosign protects against credential compromise by validating kernels signed with ephemeral private keys in trusted GitHub workflows.
- Support has been extended to include the Torch Stable ABI and Apache TVM FFI, enabling interoperability across frameworks like PyTorch, Jax, and CuPy.
- The project now supports agentic kernel development, providing agents with scaffolded structures, agent-optimized CLIs, and integration with HF Jobs for benchmarking.
These updates make kernels more secure and discoverable while establishing a foundation for automated, agent-driven optimization workflows.