
Measuring where LLMs miss vulnerabilities.

SecLens is MatterSec research for role-specific evaluation of LLMs on real vulnerability detection. It shows why teams cannot rely on a single model score when deciding whether AI can safely participate in software security work.

01 / benchmark

Real CVEs. Role-specific decisions. Security-first metrics.

406 CVE-grounded tasks
93 OSS projects
10 languages
8 OWASP categories
35 security dimensions
12 frontier models

M50 / full evidence base

SecLens measures where models miss vulnerabilities. The MatterSec 50 catalogs how agents exploit those failures in production work. Together they form the full evidence base.

02 / why it matters

The best model depends on who is asking.

A model that looks strong for engineering velocity can still be weak for security ownership. MatterSec brings that intelligence into live agent workflows, where model blind spots become code risk.

lens/ciso

CISO

Weighs evidence of exploitability and audit trail over raw model capability.

lens/cao

Chief AI Officer

Balances agent productivity against the cost of letting unsafe code ship.

lens/research

Security Researcher

Cares about per-CWE recall, false-positive rate, and ground-truth provenance.

lens/eng

Head of Engineering

Wants to know which agent + which guardrails get the team to production safely.

lens/agent

AI as Actor

Each agent should know its own weak categories before it touches code at all.