Solana security: STRIDE framework and the launch of the Solana Incident Response Network (SIRN)

The Solana Foundation has introduced a new security initiative aimed at improving how projects assess vulnerabilities and respond to on-chain threats. The program includes a standardized framework for DeFi risk reviews and a coordinated incident response network.

Solana Foundation launches STRIDE to standardize DeFi risk assessments

The Solana Foundation unveiled STRIDE, a security framework developed with Asymmetric Research. It is designed to help teams systematically audit Solana-based protocols and strengthen risk monitoring across decentralized finance.

STRIDE establishes a standard process to evaluate the security of projects building on Solana, supporting both early-stage protocols and more mature platforms. It is intended to provide a consistent benchmark for operational security, governance, and incident readiness.

How STRIDE evaluates protocols

Under STRIDE, DeFi protocols are evaluated across eight domains, including:

• Program integrity
• Governance controls
• Oracle dependencies
• Infrastructure configuration
• Day-to-day operational practices
• Supply chain exposure
• Incident response readiness
• Forensic capabilities tied to comprehensive log management

Each participating protocol undergoes an independent review process, with findings and scores disclosed publicly. The framework is described as iterative, with regular updates as new attack vectors and defensive techniques emerge.

“This gives users, investors, and the broader ecosystem real transparency into the security posture of the protocols they interact with,” Asymmetric Research said in the announcement.

The announcement also emphasized that continuous monitoring and rapid response remain necessary even when audits are in place.

Solana Incident Response Network (SIRN) targets faster threat coordination

Alongside STRIDE, the foundation introduced the Solana Incident Response Network (SIRN), a coalition of specialized security firms focused on coordinating real-time responses to active threats on the network.

What SIRN is designed to do

SIRN is structured to share alerts quickly and support teams under attack. Members are expected to:

• Share threat intelligence
• Coordinate interventions during live incidents
• Provide feedback that contributes to the ongoing evolution of STRIDE standards

The foundation said the network will focus on rapid communication between protocol teams, independent security researchers, and infrastructure providers. Participation is expected to expand over time as more firms join and align with the coalition’s playbooks and escalation procedures.

Context: DeFi exploits keep security in focus

The launch of STRIDE and SIRN comes after multiple high-profile DeFi incidents on Solana and other chains. The article highlights the Drift Protocol incident, in which a $280 million exploit occurred only days before the announcement.

Investigators linked the Drift incident to social engineering campaigns attributed to North Korean-affiliated actors. The scale of the exploit was presented as an example of how a compromise of access credentials can lead to losses of hundreds of millions of dollars on-chain.

Stolen funds data

According to data cited from DefiLlama, more than $168 million was stolen from 34 DeFi protocols in Q1 2026. This was described as lower than the $1.58 billion recorded during the same period in 2025, but the persistence of hacks was framed as evidence that decentralized finance risks remain.

Analysis: automation and AI tools add pressure to defenses

The article also points to the growing role of automation and AI-enhanced tools in DeFi exploits. In January, Step Finance reportedly lost roughly $40 million after attackers used automated agents to execute rapid transfers, increasing the speed and scale of the breach, according to reporting from KuCoin.

While the STRIDE announcement did not explicitly reference artificial intelligence, the article notes that industry observers have warned AI-assisted reconnaissance and scripting can accelerate the discovery and exploitation of protocol weaknesses. It also suggests that defenders may need to improve crypto threat intelligence and automated monitoring to keep pace with faster attack cycles.

Overall, the Solana Foundation described STRIDE and SIRN as a shift from ad hoc security practices toward a more coordinated, data-driven approach to managing DeFi protocol security, including both pre-deployment reviews and post-incident forensics.