Saylor

Saylor uses Solana smart contracts and a peer network to verify IoT threat data on-chain, so teams can trust alerts and respond faster.

Comment

Saylor — On-chain trust for IoT fleets

Inspiration

IoT security teams are flooded with telemetry they can't fully trust. A single compromised gateway can fan a bad reading across a dashboard, trigger noisy alerts, and push responders to chase ghosts. I wanted to build a system where threat signals are not just fast but verifiable, where the fleet itself decides what to trust and that decision is provable.

What it does

Saylor is an IoT security platform that uses peer consensus and Solana smart contracts to verify threat telemetry before it reaches an operator's dashboard.

Every device in the fleet streams signed sensor readings (temperature, humidity, pressure, vibration, barometric, and more) into the Saylor API. Each reading is scored in real time by a Gemma 4 classifier. If a reading crosses the anomaly threshold, it triggers a ThreatConsensus round on Solana devnet where peer devices in the same group vote on whether the behavior is genuinely suspicious. A confirmed verdict quarantines the accused device and slashes its staked SOL, while a cleared verdict releases the hold. Every accusation, vote, and outcome is a real on-chain transaction, one click away from Solana Explorer.

The result surfaces in a live dashboard with five main views. The fleet overview shows device trust scores, real-time status across healthy, under_review, and quarantined states, and a live event feed. The device detail page has per-sensor telemetry charts, peer group membership, and the full on-chain history for that device. The threat console shows active and resolved threats alongside peer vote breakdowns, verdict timelines, and explorer-linked transaction hashes. The peer network view maps which devices are validating which, along with stake balances and reputation scores derived from on-chain history. Finally, the investigation copilot is a Gemma 4-powered chat interface on each device page where responders can ask plain-English questions about an incident and get back a structured report with a severity rating, key findings, and recommended next steps.

The core promise is faster credible-threat detection, fewer false positives, and coordinated response backed by signed tamper-evident evidence rather than a black-box score on a dashboard no one fully trusts.

How we built it

Full-stack platform built with React 19 and TanStack Start on the frontend, a TypeScript/Express API on the backend, and two Anchor/Rust programs on Solana devnet handling peer consensus and trust scoring. Device telemetry flows in, gets scored by Gemma 4, goes through on-chain peer evaluation, and surfaces in a live dashboard with an AI investigation copilot.

Tracks used:

  • MLH – Best Use of Solana: The threat-consensus and sensor-trust programs handle peer voting, verdict finalization, and SOL staking. Every accusation and verdict is a real devnet transaction linked to Solana Explorer directly from the dashboard.
  • MLH – Best Use of Gemma 4: Gemma 4 (270M parameters) runs anomaly scoring on every telemetry event and powers the in-dashboard investigation copilot, returning structured incident reports in plain English.
  • MLH – Best Use of Vultr: Gemma 4 inference runs on Vultr GPU instances, keeping classification latency low enough to meet the on-chain consensus deadline.
  • MLH – Best Use of Auth0 AI Agents: Auth0 issues operator SSO tokens and short-lived M2M JWTs for device identity, each tied to a Solana keypair, securing the agent-to-device trust boundary.

Challenges we ran into

  • Balancing speed against on-chain verification overhead
  • Handling deployment differences between local and Railway environments
  • Solving CORS and production port and config edge cases
  • Designing trust logic that is useful in real time, not just technically correct

Accomplishments that we're proud of

  • End-to-end working flow from telemetry ingestion to trusted threat output
  • On-chain verification integrated into a usable security product experience
  • Production deployment of both frontend and API services
  • Clear demo-ready narrative around trust, accountability, and response speed

What we learned

  • Reliability in deployment and config is as important as core features
  • Blockchain adds the most value when it improves trust and auditability, not complexity
  • Security users need explainable confidence signals, not black-box scores
  • Tight iteration between protocol, backend, and UX is critical for real-world usability

What's next for Saylor

  • Expand peer network participation and reputation mechanisms
  • Add richer anomaly models and adaptive trust scoring
  • Introduce alert routing integrations for Slack, PagerDuty, and SIEM tools
  • Strengthen enterprise readiness around auth, multi-tenant controls, and observability
  • Run pilots with real IoT datasets to validate accuracy and impact at scale

Built With

Share this project:

Updates