Arm Open-Sources Metis, an AI Security Framework Outperforming Traditional SAST Tools
InfoQ, Saturday, May 30th, 2026
Arm open-sourced Metis, an AI security framework that uses semantic reasoning to detect vulnerabilities, reporting 98% accuracy in Arm's internal benchmarks and approximately 50% fewer false positives than traditional SAST tools.
Arm has open-sourced Metis, an agentic AI security framework designed to autonomously uncover complex software vulnerabilities using semantic reasoning instead of traditional pattern-matching approaches. Unlike traditional SAST tools, Metis uses retrieval-augmented generation (RAG) to enhance language models with project-specific context, allowing it to achieve up to 10x higher true positive rates and approximately 50% fewer false positives.
The framework supports multiple programming languages, including C, C++, Python, Go, TypeScript, and Rust, and can operate alongside external SAST tools to validate findings and reduce false positives. Metis provides clear, actionable explanations for security findings. In Arm's internal benchmarks using GPT-5.5-Cyber, it achieved 98% accuracy, compared to just 6% for traditional SAST tools.