Hugging Face has shipped a major overhaul of Kernels, its system for packaging and distributing the low-level "custom kernels" that make AI models run faster on specialized hardware. According to the Hugging Face blog, the update touches nearly every part of the project, from security to discoverability to support for AI coding agents.

The headline change is that kernels now get their own first-class repository type on the Hugging Face Hub, at huggingface.co/kernels. These pages show which accelerator, operating system, and backend versions a given kernel supports, making it easier to find one that fits your setup.

Security is a central theme. Hugging Face notes that kernels run native code with the same privileges as the Python process loading them, which raises the stakes if a malicious one slips through. To address this, the update adds a "trusted kernel publishers" system that only loads kernels from trusted organizations by default, code signing built on Sigstore's cosign, and reproducible builds. Users can check a kernel's signature with a new kernels verify-signature command.

The release also splits the tooling into two pieces, kernels for loading and kernel-builder for compiling, and expands framework support. According to the blog, that now includes Torch's stable ABI and Apache TVM's FFI, which aims to make kernels work across PyTorch, JAX, and CuPy. Technologies referenced include CUDA, NVIDIA and AMD (MI300) GPUs.

A further focus is "agentic" development: predictable project layouts and backend-specific skills designed to let AI coding agents build and benchmark kernels with less human hand-holding.

Why it matters: kernels are the unglamorous plumbing that determines how efficiently AI models run, and making them safer and easier to share lowers a real barrier for developers squeezing more performance out of their hardware.