A formally verified zlib implementation (lean-zip) built by AI agents still contained a buffer overflow, challenging the promise of formal verification. The article explores AI agents' growing capability to discover vulnerabilities at scale and proposes formal verification as a potential (but imperfect) defense against a looming software security crisis.
Safety
Lean proved this program was correct; then I found a bug
Formally verified, AI-generated code still fails: a buffer overflow in lean-zip, present despite its Lean proof, challenges the effectiveness of formal verification against AI-accelerated code generation.
Monday, April 13, 2026 12:00 PM UTC | 2 min read | Source: Lobsters | By sys://pipeline