diff --git a/entities/internet-finance/sirn.md b/entities/internet-finance/sirn.md
new file mode 100644
index 000000000..87f7f9ae6
--- /dev/null
+++ b/entities/internet-finance/sirn.md
@@ -0,0 +1,34 @@
+# Solana Incident Response Network (SIRN)
+
+**Type:** Security coordination infrastructure  
+**Status:** Active  
+**Launch Date:** April 7, 2026  
+**Parent Organization:** Solana Foundation  
+
+## Overview
+
+Solana Incident Response Network (SIRN) is network-wide security coordination infrastructure launched by the Solana Foundation in direct response to the April 1, 2026 Drift Protocol exploit ($285M).
+
+## Mission
+
+- Improve incident response speed across Solana protocols
+- Coordinate security responses ecosystem-wide
+- Provide infrastructure for cross-protocol security collaboration
+
+## Timeline
+
+- **2026-04-01** — Drift Protocol exploit ($285M) via durable nonce vulnerability
+- **2026-04-07** — SIRN launched by Solana Foundation (6-day response time)
+
+## Scope and Limitations
+
+SIRN focuses on incident response coordination, not protocol-level fixes. As of launch, it does NOT address:
+- The durable nonce vulnerability (indefinite transaction validity)
+- Zero-timelock governance migration patterns
+- Device compromise prevention (TestFlight/IDE vulnerabilities)
+
+The distinction between coordination infrastructure and architectural fixes is significant for assessing whether the Drift exploit represents a persistent Solana governance risk or a fixable design pattern.
+
+## Sources
+
+- CoinDesk: https://www.coindesk.com/tech/2026/04/07/solana-foundation-unveils-security-overhaul-days-after-usd270-million-drift-exploit
\ No newline at end of file