Arm Metis: AI Boosts Software Security Vulnerability Discovery

Arm's product security team has developed and open-sourced Metis, an agentic AI security framework. This tool is designed to find complex security issues in large software codebases. Metis is already being used across more than 130 software projects within Arm, with plans for wider adoption by late 2026. What's interesting is that Metis can identify sophisticated security vulnerabilities that traditional tools often miss. It does this by combining advanced analysis with AI-enabled workflows. Internal benchmarks show Metis delivers up to 10 times higher true positive rates and approximately 50% fewer false positives compared to leading static analysis tools. This helps engineers focus on real issues and reduces wasted effort. Metis uses a retrieval-augmented generation architecture, combining large language models with project-specific knowledge for contextual security analysis. It understands code in context and creates a custom knowledge base. This technology could help make the software we use more secure.