Metis

Last updated: Jun 30, 2026


How does Fluid Attacks' solution compare to Metis's?

The following comparison table enables you to discern the performance of both providers across various attributes essential for meeting your company's cybersecurity needs. To better understand each attribute, read their descriptions in the dedicated page.

Organization

AttributeEssentialAdvancedMetis
FocusNative ASPM with in-house scannersAI-powered PTaaS on top of native ASPM with in-house scannersAI-powered SAST
ExtrasNoneNoneSemiconductor IP design and processor architecture licensing
Headcount157Same11588
Headcount distributionEngineering 40%, IT 14%, sales 15%, marketing 2%, operations 4% and others 25%SameEngineering 56%, IT 7%, sales 2%, operations 4% and others 31%
Headcount growth+14%, +15%, -1%Same+6%, +12%, +32%
HeadquartersCO and USSameGB
CountriesAR, BO, CA, CL, CO, DO, MX, PA, PE and USSameGB, IN and US
Reputation9.76 from 228 reviews over 8 years on Gartner and ClutchSameNo reviews
Followers22K based on the following: Facebook, Instagram, LinkedIn, X and YouTubeSame1.1M based on the following: Facebook, Instagram, LinkedIn, X and YouTube
Research firmsNoneNoneGartner
Founded2001Same1990
FundingBootstrappedSame231M USD in 1 rounds from 35 investors
AcquisitionsNoneNoneAcquired 1 time and made 21 acquisitions
Revenue10M to 15MSame1B to 5B
CVEs as CNA Researcher289 CVEs reported to MITRE, ranked in the top 10 CVE labs worldwideSame53 CVEs reported to MITRE
ComplianceGDPR, ISO/IEC 27001:2022, ISO/IEC 27017:2015, ISO/IEC 27018:2019, ISO/IEC 27701:2019, PCI DSS, SOC 2 Type II and SOC 3SameGDPR and ISO/IEC 9001
Bug bountyYesYesYes
Visits64K per month. Top 3: 18% CO, 9% US, 5% BR. Others 68%Same1.2M per month. Top 3: 28% US, 10% GB and 7% CN. Others 55%
Authority33 out of 100Same53 out of 100
Public vulnerability DBDiscovered and third-partySameNo
ContentBlog, documentation, e-books, glossary, reports, success stories, videos, webinars and white papersSameAnalyst reports, blog, case studies, documentation, eBooks, guides, reports, videos, webinars and white papers
Comprehensive documentation13 documentation sectionsSame>13 documentation sections
CommunityForumSameNo
Sync training1 workshopSameNo
Async training3 product use courses, all freeSameNo
DistributionDirect or with any of its 14 partnersSameDirector with any of its 4 partners
MarketplacesAWSSameNone
FreemiumNoNoYes
Free trial21-day free trialPoVNot applicable
DemoYesYesNot applicable
Open demoNoNoNot applicable
PricingContact sales and marketplaceContact salesNot applicable
Pricing tiers1 plan1 planNot applicable
Minimum termMonthlyMonthlyNot applicable
Minimum payment periodMonthlyMonthlyNot applicable
Minimum capabilitiesASPM, binary SAST, containers, CSPM, DAST, IaC, SAST, SCA and secretsSame plus: AI SAST, API security testing, MAST, PTaaS, RE and SCRAI SAST
Minimum scope1 authorSameNot applicable
Pricing driversAuthorsSameNot applicable
Free implementationYesYesNot applicable
Free supportYesYesNot applicable

Service

AttributeEssentialAdvancedMetis
PTaaSNoYesNo
Reverse engineeringNoYesNo
Secure code reviewNoYesNo
PivotingNoYesNo
ExploitationNoYesNo
Manual reattacksNot applicableUnlimited reattacksNot applicable
Zero-day vulnerabilitiesScanner-based zero-day vulnerability detectionContinuous zero-day vulnerability researchNone
SLAAvailabilityAccuracy, availability and responseNo information available
Minimum availability99.95% per yearSameNo information available
After-sale guaranteesNoYesNo
AccreditationsCNA, Penetration Testing by CREST and OpenSSF Gold BadgeSameCNA
Pentester certificationsNot applicable202 from 59 different typesNot applicable
Type of contractEmployeeSameEmployee
Endpoint controlNoTotalNo information available
Channel controlNoTotalNo information available
StandardsSome requirements from 67 standardsAll requirements from the same standardsNo information available
Detection methodAutomated toolsAI, automated tools and human intelligenceAI
Remediation5, none in commonSame, plus 11
Output5, none in commonSame, plus 22, none in common

Product

AttributeEssentialAdvancedMetis
ASPMYesYesNo
APIGraphQL with JSONSameNo
IDE5 functionalitiesSame, plus 1 functionalityNo
CLIYesYesYes
CI/CDBreaks the buildSameDoes not break the build
Vulnerability sources18 sourcesSameNone
Threat model alignmentYesYesNo
Priority criteriaCVSS v4.0, CVSSF, EPSS and KEVSameNo
Custom prioritizationPriority scoreSameNo
Scanner originIn-houseIn-houseIn-house
SCA19 package managersSameNo
AI securityNoYesNo
Reachability12 languagesSameNo
Reachability typeDeterministicSameNot applicable
SBOM22 package managersSameNo
Malware detectionYesYesNo
Autofix on componentsNoNoNo
Containers4 distributionsSameNo
Source SAST (languages)12, 3 in common and 9 additionalSame8, 3 in common and 5 additional
Source SAST (frameworks)22SameNo information available
Custom rulesNoNoYes
IaC6, 1 in common and 5 additional21 in common
Binary SAST1 type of binarySame, plus 2 types of binariesNo
DAST7 attack surface typesSameNo
API security testingNo4 types of APIsNo
MASTNoYesNo
IASTNoNoNo
CSPMYesYesNo
Secrets142 secrets typesSame, plus verify other attack vectors and secrets exploitabilityNo
AI4 functions, 1 in common and 3 additionalSame, plus 1 function4 functions, 1 in common and 3 additional
AI SASTNoYesYes
MCPYesYesYes
Open-sourceNoNoApache-2.0 license
DeploymentSaaS (multi-tenant)SameOn-premise (no tenancy information)
RegionsUSSameNot applicable
StatusYesYesYes
Incidents3 per yearSame228 per year

Integrations

AttributeEssentialAdvancedMetis
SCM6SameNone
Binary repositoriesNoneNoneNone
Ticketing3SameNone
ChatOpsNoneNoneNone
IDE3SameNone
CI/CD21SameNone
SCANativeSameNone
ContainerNativeSameNone
SASTNativeSameNative
DASTNativeSameNone
MASTNoneNativeNone
IASTNoneNoneNone
Cloud1SameNone
CSPMNativeSameNone
SecretsNativeSameNone
RemediationNoneNoneNone
Bug bountyNoneNoneNone
Vulnerability managementNoneNoneNone
ComplianceNoneNoneNone

More like Metis

Tags

ai-sastcompareiacmcpopensourcesast

On this page