BotBeat
...
← Back

> ▌

ARM HoldingsARM Holdings
OPEN SOURCEARM Holdings2026-07-08

Arm Releases Metis: Open-Source AI-Powered Security Code Review Framework

Key Takeaways

  • ▸Metis leverages LLMs for semantic reasoning in security code review, moving beyond hardcoded rules of traditional static analysis tools
  • ▸Multi-provider LLM support and local model compatibility give organizations flexibility in inference choice and deployment strategy
  • ▸Plugin-based architecture enables easy extension to additional languages and security analysis capabilities
Source:
Hacker Newshttps://github.com/arm/metis↗

Summary

Arm's Product Security Team has released Metis, an open-source agentic AI security framework designed for deep security code review that leverages large language models (LLMs) with semantic understanding and reasoning capabilities. Unlike traditional linters or static analysis tools that rely on hardcoded rules, Metis can detect subtle vulnerabilities that conventional tooling often misses, particularly valuable for engineers working with large, complex, or legacy codebases.

Metis is distinguished by its deterministic local evidence review approach, which emphasizes source-local analysis and language-specific plugins over broad retrieval methods. The framework includes built-in issue validation that produces its own findings while also validating results from third-party SAST tools, reducing false positives and improving the reliability of security reviews. It supports multiple programming languages through a plugin-based system, making it straightforward to extend to additional languages as needed.

A key strength of Metis is its provider flexibility—it works with major LLM services including OpenAI, Anthropic, Gemini, and AWS Bedrock, as well as local models like Ollama and llama.cpp. This allows organizations to choose their preferred inference provider and run Metis entirely on-premise. The framework also supports multiple vector store backends, including ChromaDB for local usage and PostgreSQL with pgvector for scalable, multi-project deployments. Installation is straightforward via virtual environments or Docker, with configuration through a simple YAML file.

  • Built-in validation of findings and integration with third-party SAST tools reduce false positives and improve assessment reliability

Editorial Opinion

Arm's release of Metis represents a meaningful open-source contribution to the application security landscape. By combining LLM reasoning with deterministic local evidence collection, Metis addresses a real pain point in security engineering: reducing review toil while improving accuracy. The multi-provider LLM support and extensible architecture should make this tool valuable not just for Arm's own needs, but as a foundation the broader security community can build upon and adapt.

Large Language Models (LLMs)AI AgentsMachine LearningCybersecurityOpen Source

More from ARM Holdings

ARM HoldingsARM Holdings
OPEN SOURCE

Arm Open-Sources Metis, AI-Powered Security Framework Delivering 10x Better Vulnerability Detection

2026-05-29
ARM HoldingsARM Holdings
PRODUCT LAUNCH

Arm Pitches Agent-Specific CPU Design, But Intel Remains Skeptical on Need for Specialized Processors

2026-03-31
ARM HoldingsARM Holdings
PRODUCT LAUNCH

Arm CEO Teases Mystery AI Products as Company Pivots to Direct Chip Sales with AGI CPU Launch

2026-03-25

Comments

Suggested

Google / AlphabetGoogle / Alphabet
RESEARCH

Research Reveals Stark Trade-off Between LLM Safety Guardrails and Vulnerability Analysis Capability

2026-07-08
OpenAIOpenAI
PRODUCT LAUNCH

OpenAI to Unveil GPT-5.6 After Delaying Launch

2026-07-08
GitHubGitHub
RESEARCH

GitLost: Security Researchers Expose AI Agent Vulnerability Enabling Private Repository Disclosure

2026-07-08
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us