Formal verification has always been the software engineering holy grail nobody actually uses. It proves your code is mathematically correct: no edge cases, no "works on my machine," no ambiguity. The problem? It costs a fortune in specialist time, takes months to set up, and requires deep expertise in formal methods to operate. Most teams skip it entirely and ship tests instead. Tests are good. Tests are not proofs.
Mistral just changed the economics of that trade-off.
Leanstral 1.5, released 2 July 2026, is a 119-billion-parameter mixture-of-experts model built specifically for formal proof engineering in Lean 4. Before you glaze over: only 6 billion of those parameters are active on any given forward pass, which makes it fast and cheap to run. Mistral have put it on a free API endpoint and published the weights under Apache 2.0, so you can self-host if you prefer.
The benchmarks worth knowing
On miniF2F, the standard formal mathematics benchmark, Leanstral 1.5 scores 100%. It saturated the entire test. On PutnamBench, a collection of 672 Putnam competition problems that routinely stump undergraduate mathematicians, the model solved 587. On FATE-H, a harder formal algebra benchmark, it hits 87% and sets a new state of the art. These are not incremental improvements. This is a category shift.
What makes it different from the usual "AI for code" tooling is how it works. Most AI tools produce code that looks right, passes your test suite, and silently carries the sort of subtle bug that only surfaces in production. Leanstral operates differently. Working in Lean 4, it writes machine-checkable proofs, receives feedback from the Lean compiler, iterates, and either produces a verified proof or reports that it can't. No hallucinated results, no confidence percentages. Proved, or not proved.
The training involves three stages: mid-training on formal mathematics, supervised fine-tuning, and reinforcement learning with CISPO. In practice the model works in two modes: a conversational loop where it refines approaches based on compiler feedback, and a code-agent mode where it edits files and calls the Lean language server directly to inspect proof state as it works.
The bit that should worry you
Mistral ran Leanstral 1.5 against 57 open-source repositories and it found five previously unknown bugs. One was a U64 overflow in zigzag decoding inside the datrs/varinteger library. Real production code. Real bug. Already shipping.
That is the practical headline here. Not benchmark scores, not theoretical capability. An AI built for formal verification ran over 57 repos and found bugs that tests had missed.
The cost shift
Before Leanstral, formal verification at this level cost roughly $300 or more per problem in compute and specialist time. The model does it for approximately $4. That is not a marginal improvement; it is a different category of tool.
Performance scales with how many tokens you're willing to spend. At 50,000 tokens it solves 44 PutnamBench problems. At 4 million tokens it solves 587. You can dial the budget to the risk level of what you're verifying. Proving an AVL tree's O(log n) time complexity guarantees took 2.7 million tokens across 22 compactions. For cryptographic logic inside a financial system, that is a reasonable price. For a settings form, it's overkill.
This mirrors a pattern we looked at recently with ByteDance's agent scaling research: more compute at inference time is quietly becoming one of the more interesting levers in AI engineering.
What it means for your stack
Formal verification has historically lived in aerospace, finance, and cryptography. Places where a single bug costs lives or fortunes. At $4 per proof, the question becomes: what else should have been formally verified but wasn't, simply because nobody could afford it?
Data pipeline invariants. State machine transitions in a Flutter app. The edge-case logic inside a RAG system's retrieval ranking. The sort of thing unit tests cover until someone refactors the implementation.
Leanstral works in Lean 4, not directly in TypeScript or Python, so there is integration work before it slots neatly into a standard product codebase. But the direction is clear.
If you're building something where correctness matters, we can help you work out where formal verification adds genuine value in your stack. That means identifying the highest-risk modules, designing the verification scope, and wiring this into your CI pipeline alongside the React, Next.js, or .NET services it needs to reason about. We've built enough production RAG pipelines and custom agents to know which parts of a system are genuinely risky and which ones just feel that way.
Get in touch if you want to think it through.
