Without reading the article, as a practicing AI Engineer here are a couple of easy best practices:
- Use only `.safetensors` files; the format is engineered specifically to allow only the specific information necessary for NN frameworks.
- Don't use the `trust_remote_code=True` parameter when serving your models without due consideration of the source of the model.
We’ve known pickle files have been unsafe for like three years at this point and people are still using them?
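To make the two points above concrete, here is an added example (my own code, not the commenter's and not from any framework): a checkpoint in pickle form that runs attacker-chosen code the moment it is loaded, next to a minimal reader for the safetensors layout (8-byte little-endian header length, JSON header, flat byte buffer) that can only ever hand back validated bytes. The `MAX_HEADER` cap, the helper names and the sample 2x2 float32 tensor are assumptions made for the demo; the dtype table covers the common safetensors dtypes but is not the complete list.

```python
import json
import math
import pickle
import struct

# --- 1. Why a pickle checkpoint is executable code -------------------------
# pickle.loads() calls whatever callable the file names. A real payload would
# use os.system or subprocess; this constructed demo only records a marker.
SIDE_EFFECTS = []

def _attacker_callable(tag):
    SIDE_EFFECTS.append(tag)
    return {"weights": [0.0]}       # afterwards it still looks like a checkpoint

class MaliciousCheckpoint:
    def __reduce__(self):           # "to rebuild me, call _attacker_callable(...)"
        return (_attacker_callable, ("code ran during load",))

def malicious_pickle_bytes() -> bytes:
    # Constructed sample: what a poisoned .pkl / .bin / .pt would contain.
    return pickle.dumps(MaliciousCheckpoint())

def load_pickle_checkpoint(data: bytes):
    # Same as torch.load(..., weights_only=False) or joblib.load on an
    # untrusted file: deserialisation here is arbitrary code execution.
    return pickle.loads(data)

# --- 2. A safetensors reader that can only ever produce bytes --------------
# No opcodes, no callables, nothing to "run": JSON plus bounds checks.
DTYPE_SIZE = {"F64": 8, "F32": 4, "F16": 2, "BF16": 2, "I64": 8,
              "I32": 4, "I16": 2, "I8": 1, "U8": 1, "BOOL": 1}
MAX_HEADER = 100 * 1024 * 1024      # hypothetical cap: reject absurd headers early

def build_safetensors(tensors: dict) -> bytes:
    """tensors: name -> (dtype, shape, raw little-endian bytes)."""
    header, blob = {}, bytearray()
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": shape,
                        "data_offsets": [len(blob), len(blob) + len(raw)]}
        blob += raw
    hdr = json.dumps(header).encode()
    return struct.pack("<Q", len(hdr)) + hdr + bytes(blob)

def load_safetensors(data: bytes) -> dict:
    """Return name -> (dtype, shape, raw bytes), validating every field."""
    if len(data) < 8:
        raise ValueError("truncated: no header length")
    (n,) = struct.unpack("<Q", data[:8])
    if n > MAX_HEADER or 8 + n > len(data):
        raise ValueError("header length out of range")
    header = json.loads(data[8:8 + n])      # malformed -> JSON error, never code
    if not isinstance(header, dict):
        raise ValueError("header must be a JSON object")
    buf = memoryview(data)[8 + n:]
    out = {}
    for name, meta in header.items():
        if name == "__metadata__":
            continue                         # free-form string map, ignored here
        if not isinstance(meta, dict):
            raise ValueError(f"{name}: tensor entry must be an object")
        dtype, shape = meta["dtype"], meta["shape"]
        start, end = meta["data_offsets"]
        if dtype not in DTYPE_SIZE:
            raise ValueError(f"{name}: unsupported dtype {dtype!r}")
        if not all(isinstance(d, int) and d >= 0 for d in shape):
            raise ValueError(f"{name}: bad shape {shape!r}")
        if not (0 <= start <= end <= len(buf)):
            raise ValueError(f"{name}: data_offsets outside buffer")
        if end - start != DTYPE_SIZE[dtype] * math.prod(shape):
            raise ValueError(f"{name}: byte length does not match dtype*shape")
        out[name] = (dtype, shape, bytes(buf[start:end]))
    return out

def decode_f32(raw: bytes) -> list:
    return list(struct.unpack(f"<{len(raw) // 4}f", raw))

def demo_tensor_file() -> bytes:
    # Constructed sample: one 2x2 float32 tensor holding 1, 2, 3, 4.
    return build_safetensors({"w": ("F32", [2, 2], struct.pack("<4f", 1, 2, 3, 4))})

if __name__ == "__main__":
    load_pickle_checkpoint(malicious_pickle_bytes())
    print("pickle side effects:", SIDE_EFFECTS)
    tensors = load_safetensors(demo_tensor_file())
    print("safetensors:", {k: decode_f32(v[2]) for k, v in tensors.items()})
    try:   # the poisoned pickle renamed to .safetensors: rejected, never executed
        load_safetensors(malicious_pickle_bytes())
    except ValueError as e:
        print("rejected:", e)
```

The practical check this shows: the pickle path has no safe "read-only" mode, since the file itself decides what gets called, while the safetensors path fails closed on anything that is not a well-formed header with in-bounds offsets. If you must consume pickled weights at all, load them in a throwaway sandbox rather than on the serving host.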