Arm open-sourced Metis on May 30, an agentic AI security framework that uses LLM-driven semantic reasoning to autonomously discover software vulnerabilities across component dependencies. The license is Apache 2.0; code is on GitHub. Headline benchmark, from Arm's internal evaluation using GPT-5.5-Cyber as the base model: 98 percent accuracy at identifying vulnerabilities versus 6 percent for traditional pattern-based SAST tools, with up to ten times higher true-positive detection rates and around 50 percent fewer false positives. Metis works with any OpenAI-compatible LLM, supports C, C++, Python, Go, TypeScript, Rust, and more, and can operate alongside existing SAST tools to validate their findings and prune false positives. Within Arm, Metis is already running across more than 130 software projects, with plans for Arm-wide adoption by late 2026.

The architecture is the substance of the move. Traditional SAST is pattern-matching on syntax and known taint signatures, which is why it has the well-known precision-recall problem: cast wide nets to catch real bugs and you drown in false positives; tighten the patterns and you miss the bug classes that require understanding what the code actually does across files. Metis applies LLM-driven reasoning to the relationships between components, which is the level where most production-grade vulnerabilities live (auth bypass via cross-module assumption mismatch, deserialization gadgets across dependency boundaries, time-of-check-time-of-use windows that span multiple call sites). The natural-language explanations Metis generates for findings are also the thing SAST never gave you: a SAST report is a list of line numbers and rule IDs; an LLM-reasoned report is a hypothesis about how an attacker would reach the unsafe state. That changes the triage cost per finding more than the raw detection numbers suggest.

Two ecosystem threads. First, the benchmark gap is real but vendor-published. Arm's 98 versus 6 number is from their internal eval, and like every "we beat the prior thing by 16x" claim, it needs independent reproduction on workloads that match yours before betting infrastructure. The promising signal is that Arm is deploying Metis at scale internally already (130+ projects, full-company adoption planned), which is a strong dogfood signal even if external benchmarks have not landed yet. Second, the "validates external SAST findings" mode is the integration path most production teams will actually want first. Existing SAST tools (CodeQL, Semgrep, Snyk Code) generate a lot of noise; using Metis as a downstream verifier to prune false positives is a lower-risk adoption than replacing SAST entirely. That hybrid posture is what makes Metis a complement to existing pipelines rather than a forced rip-and-replace.

Monday morning, if you ship code that goes through any SAST gate: Metis is worth testing as the false-positive-reduction layer on top of your existing tool, given Apache 2.0 license and OpenAI-compatible LLM backend. If you build with C, C++, Rust, or Go, the language support is there. Run Metis against your last 100 SAST findings, count how many it correctly drops as false positives versus how many true positives it correctly escalates, and decide based on that signal rather than the 98 percent headline. If you do not have an existing SAST pipeline, Metis is also a green-field option, though the new-deployment path is the riskier one given the lack of third-party benchmark reproduction yet. And if you are a security tool vendor, the agentic-LLM-on-top-of-existing-rules pattern is the design move worth studying.