We’re launching Trident Arena, Solana’s first AI security scanning solution. The multi-agent AI analyzes Solana programs and delivers audit reports in hours.
In a recent Ackee audit, Trident Arena found 26 issues in a leading Solana protocol. These included a critical-severity and a high-severity vulnerability, both independently confirmed by the manual review team.
In benchmark testing, Trident Arena identified 70% of critical/high-severity Solana vulnerabilities (vs. 37% for Claude Opus 4.6 and 33% for GPT-5.2 (with extra-high reasoning)), with a low 26.56% false-positive rate (vs. an average of 86.67% for the plain LLMs), significantly surpassing flagship AI models.
Why AI security scanning?
Many Solana builders face the same bottleneck: audit slots are weeks or months out, and security feedback comes too late in the development cycle.
Trident Arena solves this. Multi-agent AI with Solana-specific expertise scans Solana programs with the same deep security reasoning as auditors, and delivers a report with vulnerability findings, severity ratings, and remediation guidance.
What makes Trident Arena different
Multi-agent AI for Solana
It’s not a generic LLM wrapper throwing prompts at your code. Multiple parallel agents work simultaneously, cross-checking findings and reducing false positives.
Built by Solana auditors
Trident Arena was built by the team behind School of Solana, and the security of protocols like Kamino, MetaDAO, Marinade and more. With 200+ security audits, we understand Solana programs to the core.
Full audit pipeline
Import your repo, analyse the compiled code and receive a PDF report with vulnerability descriptions, severity ratings, confidence scores, and remediation guidance – all in one place.
Results in hours
No waiting lists. No month-long delays. Trident Arena gives you comprehensive results today. Use it before your premium audit, on every deployment, or as continuous security.
Benchmarking
Benchmark data set and methodology
No standardized dataset of vulnerable Solana programs suitable for security benchmarking currently exists. Therefore, we constructed our own benchmark using publicly available audit reports and competition findings, including only programs with verified, documented vulnerabilities. We encourage other researchers to use this dataset to improve reproducibility and comparability in future Solana security evaluations.
We evaluated Trident Arena performance using two approaches:
- Competition audits (benchmarking): Compare Trident Arena’s findings against known, publicly reviewed competition audit findings on publicly available codebases.
- Professional audits: Compared Trident Arena’s findings against findings from audits performed by professional security teams.
Benchmark results
| Protocol | Trident Arena | Opus 4.6 | GPT-5.2xhigh |
|---|---|---|---|
| Axelar | 5/7 | 0/7 | 0/7 |
| Bert Staking | 1/2 | 1/2 | 1/2 |
| Dexalot | 4/5 | 2/5 | 2/5 |
| Pump Science | 1/2 | 1/2 | 0/2 |
| Metadao | 3/3 | 1/3 | 1/3 |
| Watt | 7/11 | 6/11 | 6/11 |
| Total: | 21/30 | 11/30 | 10/30 |
This table presents a compilation of benchmarked projects evaluated using Trident Arena, Claude Opus 4.6, and GPT-5.2 (with extra-high reasoning).
Each cell shows the number of critical/high-severity issues identified by the AI scan relative to the total number of actual critical/high-severity issues in the project, as determined by a professional manual audit.
Trident Arena discovered 21/30 (70%) of all reported critical/high-severity vulnerabilities, versus Claude Opus 4.6 with 11/30 (37%), and GPT-5.2 (with extra-high reasoning) with 10/30 (33%).
During the initial benchmark, we evaluated all of the findings to also measure the FP (false positive) rate. Trident Arena had an average FP rate of 26.56%, compared to the plain AI’s 86.67%. This means that Trident Arena delivered a true positive rate consistently above 70%.
Methodology: For the benchmark runs, we compared Trident Arena against flagship baseline models: Anthropic’s Opus 4.6, and OpenAI’s GPT-5.2 (extra-high reasoning). Baselines are run from the repository root with the prompt: “perform extensive deep Solana program security analysis.” No special guidance or benchmark-specific prompt engineering is used.
Results from an Ackee audit
We ran Trident Arena during an audit of MetaDAO. The AI scanned the futarchy program and surfaced 26 issues, including 2 critical/high-severity vulnerabilities.
Two findings stood out:
- Integer truncation vulnerability: Truncation from an unsigned 128-bit integer to a smaller 64-bit integer, causing potential inflated withdrawal amounts. Confirmed as critical-severity by the manual audit team.
- PDA store algorithm position mismatch: An attacker could have corrupted user positions to brick withdrawals. Confirmed as high-severity by the manual audit team.
Both of these issues were independently discovered and reported during the public audit. Trident Arena found them automatically.
Trident Arena use cases
Before a premium audit. Waiting weeks for an audit? Get security feedback today. Arrive with cleaner code to save time on audit rounds and reduce costs.
On a budget. Get comprehensive security scanning without the premium audit price tag. Professional-grade analysis built by Solana auditors – at a fraction of the cost.
Continuous security. Scan every deployment, upgrade, or major feature. Maintain security standards throughout your development lifecycle.
Limitations
Trident Arena is a powerful security tool, but it complements rather than replaces high-quality manual audits:
What Trident Arena catches well:
- Protocol-specific vulnerabilities in Solana programs
- Logic flaws and edge cases
- Access control and authorization bugs
- State management errors
- PDA-related issues
What may require manual review:
- Novel attack vectors with no historical patterns
- Complex economic design flaws
- Deep protocol logic spanning multiple programs and off-chain systems
Trident Arena lets you spend budget on deep protocol logic auditing.
The roadmap
Trident Arena launches today as a full-fledged product with multi-agent AI analysis for Solana programs. But here’s what’s coming soon:
- Fuzz testing: Automated property-based fuzzing for Solana programs is coming soon, adding another layer of security coverage alongside AI analysis
- Expanded benchmarks: Ongoing benchmarks across additional open-source Solana programs
- Case studies: Real-world results from production protocol scans
Get started
Trident Arena is available now. Increase bandwidth, reduce latency for your Solana security audits.
Scan your program in 4 steps:
- Import your repo: Connect a public or private GitHub repository
- Select programs: Choose the Solana programs you want to scan
- AI analysis: Multi-agent AI scans your code with deep security reasoning
- Get your report: Download a comprehensive PDF with findings and remediation
Follow @TridentSolana for product updates and insights.
Trident Arena step by step
Take a closer look at how Trident Arena scans a Solana program from import to final report.
1. Import your project
Create a new project by importing a repository. Paste the URL of any public or private GitHub repo, and Trident Arena pulls in the codebase.
2. Select your tests
Choose from available test types. AI analysis is available now. Fuzz testing (including property-based fuzzing) is on the roadmap and coming soon.
3. Choose branch and commit
Select the branch and commit you want to scan. Trident Arena pulls the exact version you specify.
4. Compilation
Trident Arena compiles your program automatically. The compilation step ensures the AI works with verified, buildable code.
5. Define the scope
Select which programs and files to include in the scan. Focus the AI on what matters most.
6. Start the AI scan
Launch the multi-agent AI analysis. Multiple agents work in parallel, cross-checking findings in real time.
7. Review results
Browse findings directly in the interface. Each finding includes severity rating, description, affected code, and remediation guidance.
8. Export your report
Download a comprehensive PDF report with all findings, ready to share with your team or stakeholders.
