Metis is an open-source tool developed by Arm's Product Security Team, designed for deep security code reviews using AI. Unlike traditional static analysis tools that rely on fixed rules, Metis employs large language models (LLMs) for semantic understanding, allowing it to identify subtle vulnerabilities more effectively. This approach is particularly beneficial for large or legacy codebases, where conventional tools may struggle. The tool supports multiple programming languages, including C, C++, Python, Rust, TypeScript, and Go, all with built-in plugins. It also allows for easy extensibility, so developers can add support for additional languages and customize prompts to suit their needs. Metis can operate with different vector store backends, defaulting to ChromaDB for local use, while also supporting PostgreSQL for more extensive indexing and project management. To get started, users need to clone the repository, set up dependencies, and configure their environment, including their OpenAI API key. Running Metis involves indexing the codebase and executing security reviews, with options for non-interactive mode to facilitate automation in CI/CD pipelines. The configuration files enable tailored settings for different projects, including LLM provider specifics and database connections. The interactive CLI provides a range of commands for security analysis, making it flexible for various use cases.