Solana launches Trident Arena, its first AI security scanning solution. Multi-agent AI analyzes Solana programs and provides audit reports within hours.
In a recent Ackee audit, Trident Arena found that: 26 major Solana Protocol issues. This includes both severity and high severity vulnerabilities, both of which have been independently verified by our manual review team.
Benchmark testing confirms Trident Arena. 70% of Solana vulnerabilities rated critical/high severity (37% for Claude Opus 4.6 and 33% for GPT-5.2 (with very high inference)) Low false positive rate of 26.56% (Compared to the average of 86.67% for a typical LLM), this significantly outperforms flagship AI models.
access request
Why AI Security Scanning?
Many Solana builders face the same bottleneck. Audit times can be weeks or months away, and security feedback is provided too late in the development cycle.
Trident Arena solves this problem. A multi-agent AI with Solana’s unique expertise scans Solana programs using the same deep security heuristics as an auditor and provides a report with vulnerability findings, severity ratings, and remediation instructions.
What makes Trident Arena different?
Multi-agent AI for Solana
This is not a typical LLM wrapper that prompts you in your code. Multiple parallel agents work simultaneously to cross-check results and reduce false positives.
Built by Solana Auditor
Trident Arena was built for the School of Solana team and the security of protocols such as Kamino, MetaDAO, Marinade, and more. Through more than 200 security audits, we understand the Solana program to its core.
Full audit pipeline
Import repositories, analyze compiled code, and receive PDF reports with vulnerability descriptions, severity ratings, confidence scores, and remediation instructions, all in one place.
Results in just a few hours
There is no waiting list. There will be no delay for a month. Trident Arena provides comprehensive results today. Use it before a premium audit, with every deployment, or for ongoing security.
Benchmarking
Benchmark data sets and methodologies
Currently, no standardized dataset of vulnerable Solana programs suitable for security benchmarking exists. Therefore, we constructed our own benchmarks using publicly available audit reports and competitive findings, including only programs with verified and documented vulnerabilities. We encourage other researchers to use this dataset to improve reproducibility and comparability in future Solana security assessments.
We evaluated Trident Arena performance using two approaches.
- Competitive Audit (Benchmarking): Compare Trident Arena’s results with publicly reviewed competitive audit results against publicly available codebases.
- Professional Audit: Trident Arena’s findings were compared with the results of an audit conducted by a professional security team.
Benchmark results
This table provides a collection of benchmarking projects evaluated using Trident Arena, Claude Opus 4.6, and GPT-5.2 (with very high inference).
Each cell displays the number of serious/high severity issues identified by AI scans relative to the total number of actual serious/high severity issues on the project as determined through expert manual audits.
trident arena find 21/30 (70%) Compare to all reported critical/high severity vulnerabilities Claude Opus 4.6 with 11/30 (37%)and GPT-5.2 (with very high inference), 10/30 (33%).
During the initial benchmark, we evaluated all results to determine False positive (FP) rate. At Trident Arena The average FP rate is 26.56%; compared to 86.67% of regular AI. This is Trident Arena The true positive rate continues to remain above 70%..
methodology: To run our benchmarks, we compared Trident Arena to: flagship basic model: Works of Man 4.6and OpenAI’s GPT-5.2 (Very high inference). The baseline runs in the repository root with the prompt “Perform an extensive and in-depth Solana program security analysis.” No special instructions or benchmark-specific engineering prompts are used.
Ackee audit results
Trident Arena was operational during the MetaDAO audit. scanned by AI Futachi program and surface 26 issues, include 2 Critical/high severity vulnerability.
Two results stood out.
- Integer truncation vulnerability: The withdrawal amount may be inflated due to truncation from an unsigned 128-bit integer to a smaller 64-bit integer. Confirmed as: severity By a manual audit team.
- PDA storage algorithm location mismatch: An attacker can compromise a user’s location and block withdrawals. Confirmed as: high severity By a manual audit team.
Both of these issues were independently discovered and reported during public audits. Trident Arena was automatically found.
Trident Arena Use Cases
Before premium audit. Are you waiting weeks for an audit? Get security feedback today. Use cleaner code to save audit rounds time and reduce costs.
Depending on your budget. Get a comprehensive security check without the premium audit price tag. Professional-level analytics built by Solana auditors – at a fraction of the cost.
Continuous security. Inspects any deployment, upgrade, or major feature. Maintain security standards throughout the development lifecycle.
Restrictions
Trident Arena is a powerful security tool, but it complements rather than replaces high-quality manual auditing.
What Trident Arena does well:
- Protocol-specific vulnerabilities in the Solana program
- Logic flaws and extreme cases
- Access control and authentication bugs
- State management error
- PDA-related issues
Things that may require manual review:
- New attack vectors without past patterns
- Complex economic design flaws
- Deep protocol logic encompassing multiple programs and off-chain systems
Trident Arena allows you to invest your budget into deep protocol logic audits.
roadmap
Trident Arena launched today as a full-fledged product with multi-agent AI analytics for the Solana program. But here’s what’s coming soon:
- Fuzz test: Automated attribute-based fuzzing for Solana programs is coming soon, adding another layer of security coverage with AI analytics.
- Extended Benchmarks: Ongoing benchmarks for additional open source Solana programs
- Case study: Actual results of production protocol scans
Getting started
Trident Arena is now available. Increase bandwidth and reduce latency for Solana security audits.
Scan for programs in 4 steps:
- Import the repository. Connect to a public or private GitHub repository
- Select program: Select the Solana program you want to scan
- AI analytics: Multi-agent AI scans your code using deep security heuristics.
- Get the report: Download a comprehensive PDF with findings and solutions
access request
Follow @TridentSolana for product updates and insights.
Trident Arena Step by Step
Take a closer look at how Trident Arena scans Solana programs from import to final report.
1. Import the project
Import the repository and create a new project. Paste the URL of a public or private GitHub repository and Trident Arena will pull the codebase.
2. Select a test
Choose from available test types. AI analysis is now possible. Fuzz testing (including attribute-based fuzzing) is on the roadmap and will be available soon.
3. Select a branch and commit
Select the branches and commits you want to scan. Trident Arena will get the exact version you specified.
4. Edit
Trident Arena automatically compiles your programs. The compilation phase ensures that the AI works with verified, buildable code.
5. Define scope
Select the programs and files you want to include in the scan. AI focuses on what matters most.
6. Start AI scanning
Get started with multi-agent AI analytics. Multiple agents work in parallel to cross-check results in real time.
7. Review results
Find results directly from the interface. Each finding includes a severity rating, description, affected codes, and resolution instructions.
8. Export report
Download a comprehensive PDF report with all findings to share with your team or stakeholders.
