How to ensure safe usage?
Hello! Thanks for completing the design.
You said that you are worried about pickle-based models containing harmful things, and that is true. Pickle files can contain Python objects that may be dangerous when loaded.
I can give you two solutions that I found, though these are only my own suggestions and there may be better ones.
1. Allow safetensors where possible

Since pickle files can contain harmful Python objects, it is better to allow safetensors whenever possible. If needed, you can convert pickle-based models or other formats into safetensors first. This is safer, but for very large models it may be slow and a bit inefficient.

2. Sandbox every user in a separate virtual machine

You can sandbox each user inside a separate virtual machine. Shared drivers and other core components can help speed up VM creation. For each new user, you can create a separate VM with a fresh Python environment, or one that already contains some default libraries if needed. This is usually better for larger models and more general workloads, but it can become harder to maintain as the system grows and may be more complex overall.
So in short, these are the two solutions I found, but there could definitely be better ones depending on the exact setup.
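The following is an added example, not code from the reply above or from any project it mentions, that shows the first suggestion in working Python: why a pickle can carry more than data, how a loader can refuse anything that is not pure data, and how such data is written out in the safetensors layout so that loading becomes plain parsing. The state-dict layout used here (name to dtype, shape and raw bytes) and the hand-written safetensors writer and reader are assumptions for illustration; real checkpoints would use the safetensors library, and real framework pickles reference framework classes, which this strict loader rejects by design.

```python
import io
import json
import pickle
import pickletools
import struct
from collections import OrderedDict

# Pickle opcodes that can import a module attribute, call it, or run __setstate__.
# A pickle holding only plain data (dicts, lists, tuples, str, bytes, numbers)
# never needs any of them, so their presence is a reliable "not just data" signal.
RISKY_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
    "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4",
}


def scan_pickle(data: bytes) -> list:
    """Statically list risky opcodes in a pickle stream; nothing is executed."""
    return [(pos, op.name) for op, arg, pos in pickletools.genops(data)
            if op.name in RISKY_OPCODES]


class DataOnlyUnpickler(pickle.Unpickler):
    """Second line of defence: refuse every global lookup while loading."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_loads(data: bytes):
    """Load a pickle only if it is pure data, otherwise raise."""
    hits = scan_pickle(data)
    if hits:
        raise pickle.UnpicklingError(f"code-bearing opcodes at {hits}")
    return DataOnlyUnpickler(io.BytesIO(data)).load()


def save_safetensors(tensors: dict) -> bytes:
    """Write {name: (dtype, shape, raw_bytes)} in the safetensors layout:
    8-byte little-endian header length, JSON header, then raw tensor bytes."""
    header, payload = {}, bytearray()
    for name, (dtype, shape, raw) in sorted(tensors.items()):
        header[name] = {"dtype": dtype, "shape": list(shape),
                        "data_offsets": [len(payload), len(payload) + len(raw)]}
        payload += raw
    head = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(head)) + head + bytes(payload)


def load_safetensors(blob: bytes) -> dict:
    """Parse safetensors bytes back into {name: (dtype, shape, raw_bytes)}.
    Loading is JSON parsing plus slicing, so no code in the file can run."""
    (n,) = struct.unpack("<Q", blob[:8])
    header = json.loads(blob[8:8 + n])
    payload = blob[8 + n:]
    out = {}
    for name, meta in header.items():
        if name == "__metadata__":
            continue
        start, end = meta["data_offsets"]
        if not 0 <= start <= end <= len(payload):  # reject out-of-range offsets
            raise ValueError(f"{name}: offsets {start}-{end} exceed payload")
        out[name] = (meta["dtype"], tuple(meta["shape"]), payload[start:end])
    return out


def convert_pickle_to_safetensors(data: bytes) -> bytes:
    """Convert a data-only pickle of {name: (dtype, shape, raw)} to safetensors."""
    return save_safetensors(safe_loads(data))


# Constructed samples (assumed layout): a data-only "state dict" and, as a
# stand-in for any object-bearing pickle, a harmless OrderedDict whose pickle
# still carries STACK_GLOBAL and REDUCE opcodes.
STATE_DICT = {"layer.weight": ("F32", (2,), struct.pack("<2f", 0.5, -1.0)),
              "layer.bias": ("F32", (1,), struct.pack("<f", 0.25))}
DATA_PICKLE = pickle.dumps(STATE_DICT, protocol=4)
OBJECT_PICKLE = pickle.dumps(OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    print("data pickle risky opcodes:", scan_pickle(DATA_PICKLE))
    print("object pickle risky opcodes:", scan_pickle(OBJECT_PICKLE))
    blob = convert_pickle_to_safetensors(DATA_PICKLE)
    print("round trip ok:", load_safetensors(blob) == STATE_DICT)
```

The static scan runs before any unpickling, so a file that needs GLOBAL or REDUCE is rejected without its opcodes ever being interpreted, and the find_class override is only a backstop. The same strictness is why this cannot load a framework checkpoint directly: the conversion step has to happen once, in an isolated environment, after which consumers only ever parse the safetensors output.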