# Leanstral 1.5: Mistral’s AI Found Five Real Bugs

> Source: <https://byteiota.com/leanstral-1-5-mistrals-ai-found-five-real-bugs/>
> Published: 2026-07-14 20:10:41+00:00

Every AI coding tool released in the last two years has chased the same goal: generate more code, faster. Mistral just shipped something different. [Leanstral 1.5](https://mistral.ai/news/leanstral-1-5/), released July 2, is a formal verification agent built on Lean 4. In its first public test against 57 open-source repositories, it found five bugs that human maintainers had never reported.

## The Bug That Makes the Case

The most striking find was in [datrs/varinteger](https://crates.io/crates/varinteger), a Rust crate for variable-length integer encoding. In the zigzag decoding function, the sign operation performs a `(value + 1)`

calculation — fine for most inputs, until you feed it the maximum `u64`

value.

In debug mode, the overflow panics. You know something is wrong. In release builds — the ones that ship — the overflow wraps silently, corrupting output with no diagnostic warning. That is the kind of bug that survives code review, passes test suites, and only surfaces when production data gets quietly mangled.

Leanstral caught it not by running tests, but by formally proving what the function can and cannot do.

## What Formal Verification Actually Means

Formal verification is not debugging, fuzzing, or property-based testing. It is mathematical proof that a property holds for *all possible inputs* — not a large sample, not edge cases you thought to test. All of them.

[Lean 4](https://lean-lang.org/theorem_proving_in_lean4/) is both a programming language and a theorem prover. Write your code, state your property as a type, and Lean’s kernel verifies the proof. If it compiles, the property is guaranteed. The verdict is binary: proven or not. There is no “usually correct.”

Tests can show a bug exists. Formal proofs show it cannot.

## The Cost Curve Changed Everything

Formal verification used to mean hiring mathematicians and spending weeks on a single module. That economics made it realistic only for aerospace, medical devices, and cryptographic protocols where failure costs are catastrophic.

Leanstral 1.5 solves Putnam Mathematical Competition problems at roughly $4 per proof. Competing systems charge $300 or more. It saturated miniF2F (100%, the first model to do so) and solved 587 of 672 PutnamBench problems at 4 million reasoning tokens. The model scales with thinking time: 44 problems at 50k tokens, 587 at 4M.

The API is free during beta. The weights are on [Hugging Face](https://huggingface.co/mistralai/Leanstral-1.5-119B-A6B) under Apache 2.0. Commercial use is permitted.

## How to Start Today

The fastest path is Mistral Vibe:

```
uv tool install mistral-vibe
vibe --setup
vibe --agent lean
```

For tighter Lean integration, add the Lean LSP MCP server to `~/.vibe/config.toml`

:

```
[[mcp_servers]]
name = "lean-lsp"
transport = "stdio"
command = "uvx"
args = ["lean-lsp-mcp"]
```

The model is also available at the `labs-leanstral-1-5`

API endpoint — OpenAI-compatible clients work — and self-hostable on vLLM 0.24.0+. Architecture: 119B parameter mixture-of-experts with 6B active per token. Efficient enough to run at reasonable cost even if you bring your own compute.

## The Fair Critique

Hacker News was quick to note that the varinteger overflow is exactly what property-based testing catches. Fair. `proptest`

or `cargo-fuzz`

explore boundary values like `u64::MAX`

by default.

But the critique misses what formal verification actually offers. The value is not catching *this* specific bug — it is proving that an entire class of inputs is handled correctly, permanently. Property-based testing narrows likelihood. Formal proofs eliminate possibility. Leanstral makes the stronger tool accessible at developer economics for the first time.

## The Shift Underway

2025 was the year AI learned to write code. 2026 is shaping up to be the year AI learns to guarantee it. AWS already uses Lean 4 to formally verify [Cedar](https://aws.amazon.com/about-aws/whats-new/2023/05/cedar-open-source/), its authorization policy language. Cryptographic libraries are moving the same direction. Safety-critical teams are paying attention.

When formal verification runs from your terminal for dollars rather than from a consultancy for months, the question stops being *can we afford to verify this?* and starts being *which parts of our codebase deserve it first?*

For Rust crate authors, teams shipping AI-generated code, and anyone building software where silent failures are unacceptable — that question is now worth asking.
