ARM Open Sources AI-Powered Security Code Review (github.com)

Arm has announced the open-source release of Metis, an innovative AI security framework designed for deep security code reviews. Developed by Arm's Product Security Team, Metis utilizes advanced large language models (LLMs) with semantic understanding capabilities to help engineers identify subtle vulnerabilities in code, improve secure coding practices, and alleviate review fatigue—issues increasingly critical in handling large, complex, or legacy codebases where traditional tools may fall short. What sets Metis apart from conventional static analysis tools is its ability to deliver context-aware reviews using retrieval-augmented generation (RAG), along with a plugin-based architecture that allows easy extension for various programming languages. Metis supports established languages such as C, C++, Python, and Rust, and incorporates a dual validation process that cross-references its findings with third-party static application security testing (SAST) tools to minimize false positives. By providing customizable prompts for specific languages and robust configurations for different environments (including PostgreSQL and ChromaDB backends), Metis empowers teams to automate and optimize their security review processes, paving the way for more secure software development practices in the AI and machine learning landscape.