Company Details
pytorch
58
297,015
5417
pytorch.org
0
PYT_3585830
In-progress

PyTorch Company CyberSecurity Posture
pytorch.org
An open source machine learning framework that accelerates the path from research prototyping to production deployment. PyTorch is an open source project at the Linux Foundation.
Between 700 and 749

PyTorch Global Score (TPRM): XXXX



PyTorch has 284.62% more incidents than the average of same-industry companies with at least one recorded incident.
PyTorch has 212.5% more incidents than the average of all companies with at least one recorded incident.
PyTorch reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 2 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
PyTorch cyber incidents detection timeline including parent company and subsidiaries



A memory bug in vLLM versions 0.10.2 and later lets attackers run remote code by sending harmful prompt embeddings to the Completions API.
The vulnerability affects vLLM versions 0.10.2 and later, stemming from improper handling of user-supplied prompt embeddings.
As artificial intelligence infrastructure rapidly expands, critical security flaws threaten the backbone of enterprise AI deployments.
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI)...
Explore how outdated vulnerabilities continue to undermine AI security, posing serious risks to systems and data despite advanced protection measures.
A critical vulnerability in NVIDIA's Merlin Transformers4Rec library (CVE-2025-23298) enables unauthenticated attackers to achieve remote...
Discovered by the Trend Micro Zero Day Initiative (ZDI) Threat Hunting Team, the flaw stems from unsafe deserialization in the model...
A critical vulnerability in NVIDIA's Merlin Transformers4Rec library allows attackers to achieve remote code execution with root privileges.
Hackers can weaponize hidden prompts revealed by downscaled images to trigger sensitive tool actions and achieve data exfiltration in Gemini...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of PyTorch is http://www.pytorch.org.
According to Rankiteo, PyTorch’s AI-generated cybersecurity score is 749, reflecting their Moderate security posture.
According to Rankiteo, PyTorch currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, PyTorch is not certified under SOC 2 Type 1.
According to Rankiteo, PyTorch does not hold a SOC 2 Type 2 certification.
According to Rankiteo, PyTorch is not listed as GDPR compliant.
According to Rankiteo, PyTorch does not currently maintain PCI DSS compliance.
According to Rankiteo, PyTorch is not compliant with HIPAA regulations.
According to Rankiteo, PyTorch is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
PyTorch operates primarily in the Research Services industry.
PyTorch employs approximately 58 people worldwide.
PyTorch presently has no subsidiaries across any sectors.
PyTorch’s official LinkedIn profile has approximately 297,015 followers.
PyTorch is classified under the NAICS code 5417, which corresponds to Scientific Research and Development Services.
No, PyTorch does not have a profile on Crunchbase.
Yes, PyTorch maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/pytorch.
As of December 02, 2025, Rankiteo reports that PyTorch has experienced 2 cybersecurity incidents.
PyTorch has an estimated 4,814 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures, with an upgrade to PyTorch 2.6.0.
Title: PyTorch Remote Code Execution Vulnerability
Description: A major security flaw has been found in PyTorch, an open-source machine learning framework, which affects all versions up to and including 2.5.1. The flaw, identified as CVE-2025-32434, allows for remote code execution by attackers on systems that load AI models, even with protective measures enabled. The flaw is located within the torch.load() function. Any application, research tool, or cloud service that employs torch.load() using the unpatched versions of PyTorch is vulnerable. The vulnerability may grant full control over the attacked system and has been classified as critical due to its low complexity and high impact. All users are urged to upgrade immediately to PyTorch 2.6.0.
Type: Vulnerability Exploit
Attack Vector: Remote Code Execution
Vulnerability Exploited: CVE-2025-32434
Title: Critical Vulnerability in PyTorch CVE-2025-32434
Description: A critical vulnerability in PyTorch, identified as CVE-2025-32434, allows attackers to execute malicious code remotely. The security flaw was found in the torch.load function when used with the weights_only=True parameter, which was formerly considered a safe approach for loading models from untrusted sources. This undermines PyTorch's security recommendations, as many organizations and developers had deployed this parameter specifically as a security measure. The vulnerability allows attackers to create harmful model files that, upon loading, can run arbitrary code on the victim's system, leading to potential total system compromise. This is especially dangerous for machine learning pipelines that automatically download and load models from external sources or collaborative environments.
Type: Vulnerability Exploitation
Attack Vector: Remote Code Execution
Vulnerability Exploited: CVE-2025-32434
Motivation: Malicious Code Execution
Common Attack Types: The most common type of attack the company has faced is Vulnerability.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through torch.load function with weights_only=True parameter.

Systems Affected: Any application, research tool, or cloud service that employs torch.load() using the unpatched versions of PyTorch

Systems Affected: Machine learning pipelines
Operational Impact: Potential total system compromise

Entity Name: PyTorch Users
Entity Type: Developers and Organizations
Industry: Technology, Machine Learning

Remediation Measures: Upgrade to PyTorch 2.6.0
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Upgrade to PyTorch 2.6.0.

Recommendations: Upgrade to PyTorch 2.6.0

Entry Point: torch.load function with weights_only=True parameter
High Value Targets: Machine learning pipelines
Data Sold on Dark Web: Machine learning pipelines

Root Causes: Security flaw in torch.load function
Most Significant System Affected: The most significant system affected in an incident was any application, research tool, or cloud service that employs torch.load() using the unpatched versions of PyTorch.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Upgrade to PyTorch 2.6.0.
Most Recent Entry Point: The most recent entry point used by an initial access broker was the torch.load function with the weights_only=True parameter.
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
