Mistral's Free New Model Finds Real Bugs by Actually Proving Code Correct
Mistral released Leanstral 1.5, a small open-source model that writes formal mathematical proofs and already found five real bugs in open-source code.
Mistral AI just released Leanstral 1.5, a free model that does something most AI can’t: it proves, with mathematical certainty, that a piece of code or a math statement is actually correct — not just “probably right based on patterns.” And in its first real-world test, it already caught five bugs that had been hiding in plain sight.
Leanstral 1.5 is built for Lean 4, a “proof assistant” — think of it as a programming language where every statement has to be logically airtight before the computer will accept it. That’s very different from a normal AI chatbot, which can sound confident while being wrong. The model is small by today’s standards (6 billion active parameters, Apache 2.0 licensed, so anyone can use, modify, or run it locally) but it’s remarkably capable: it “saturates” miniF2F, a well-known math benchmark, meaning it gets every single problem right, and it solved 587 of 672 problems on PutnamBench, a set of famously hard competition-math questions.
The more practical headline: Mistral pointed Leanstral 1.5 at 57 real open-source code repositories and it flagged five previously unknown bugs. One example — a small library for encoding numbers (varinteger, used in the datrs project) had a sign-handling bug where a specific edge-case input caused silent data corruption. No human had caught it. The model did, by actually proving the code’s behavior rather than guessing from examples.
What’s actually going on: Most AI coding tools are pattern-matchers. They’ve read a lot of code and predict what comes next, which works well most of the time but can miss subtle logic errors — especially the “off by one edge case” kind that Leanstral just found. Formal verification flips that: instead of predicting, it proves. That’s historically been slow, expert-only work. A free, open, 6B-parameter model doing it well enough to find real bugs is a sign this niche is becoming accessible rather than staying locked in academic labs.
What this means for you: if you’re just curious about AI, you don’t need to touch this — it’s a specialist’s tool, like a torque wrench, not a hammer. If you write code professionally, especially anything security- or safety-critical (crypto libraries, parsers, embedded systems), this is worth a look: it’s free, it runs without sending your code to a cloud API, and it’s already proven it can catch what human review missed. For most everyday coding, your existing tools are still the right choice — this is for the moments when “probably fine” isn’t good enough.
Sources
Stanford's Big Yearly AI Report Card Is Out — and the Trust Gap Is Widening
Stanford HAI's 2026 AI Index shows fast capability gains alongside rising safety incidents, falling transparency scores, and a growing gap between expert and public trust.