Arm open sources Metis | Electronics Weekly

To help address this challenge, Arm’s product security team has developed and open-sourced Metis, an agentic AI security framework designed to identify complex security issues across large-scale codebases.

Within Arm, Metis is already running across more than 130 software projects, with plans for Arm-wide software adoption by late 2026.

Metis helps engineering teams identify issues earlier, reduce development overhead and improve the overall security and performance of products.

By combining advanced analysis techniques with AI-enabled workflows, Metis identifies security issues that are difficult to detect using existing approaches, and identifies them earlier in the process.

This helps save time and reduce costs on engineering resources and validation cycles, while improving product quality.

Metis is improving detection quality and developer productivity, with internal Arm benchmarks that have not been trained by AI showing that it delivers:

  • Up to 10x higher true positive rates; and
  • Approximately 50% fewer false positives compared to leading static analysis tools.

False positives consume valuable engineering time and can reduce trust in automated tooling. By reducing false positives, Metis helps engineering teams focus on the issues that matter most, accelerating remediation and reducing wasted effort during validation and review.

Metis is built on a retrieval-augmented generation (RAG) architecture that combines large language models (LLMs) with project-specific knowledge to deliver contextual security analysis.

Unlike traditional static analysis tools that rely primarily on fixed rules and pattern matching, Metis understands code in context and creates a custom knowledge base using source code, build files and documentation, giving a deeper understanding of how systems are designed and intended to operate.

This allows Metis to analyze entire repositories, individual files, pull requests or recent code changes, so it can identify more complex vulnerabilities across functions, components and workflows.

In addition, Metis can validate findings from both its own analysis and external static application security testing (SAST) tools. By navigating source code, constructing detailed graphs, gathering supporting evidence and reasoning over potential security issues, Metis can distinguish likely vulnerabilities from false positives.

Arm’s internal benchmark showing Metis with GPT-5.5-Cyber model through OpenAI Daybreak

In Arm’s internal deployments, Metis uses OpenAI’s GPT-5.5-Cyber through OpenAI Daybreak as part of its defensive security workflow and pairs advanced AI reasoning with deep, repository-specific context across source code.

Metis also explains why a particular issue matters, providing developers and engineers with clear, actionable summaries that help accelerate remediation and improve secure development practices. Metis supports a wide range of programming languages, including C, C++, Python and Rust to name a few, with a full list of supported languages available here.

Security challenges are industry-wide challenges. This is why Arm chose to open source Metis and make it available to the broader ecosystem. The project is already seeing adoption beyond Arm, including interest from partners exploring how AI-enabled vulnerability discovery can improve their own development workflows.

While Metis is initially focusing on software vulnerability discovery, Arm is already expanding the technology into new domains. The project recently added support for Verilog, and Arm is working with ecosystem partners to explore how Metis can help support more automated approaches to hardware vulnerability verification.

As AI systems, silicon and software stacks become increasingly interconnected, security analysis needs to evolve beyond isolated software scanning toward broader system-level verification.

By improving vulnerability discovery, reducing developer overhead and expanding verification across software, Metis helps strengthen the foundation for the next generation of secure computing.

For more about Metis, explore the open-source project on GitHub or contact the Arm Product security team at metis@arm.com.
