Formally Verified Patent Analysis via Dependent Type Theory: Machine-Checkable Certificates from a Hybrid AI + Lean 4 Pipeline
Researcher George Koomullil has published a framework that combines AI with Lean 4, a formal proof assistant, to produce mathematically verified patent analysis. This matters because patent errors cost companies millions in litigation, and no prior system has applied theorem prov...
George Koomullil, listed as the sole author on arXiv preprint 2604.18882 submitted April 20, 2026, has built something that patent attorneys and AI researchers should both pay close attention to. The paper, spanning 100 pages with 8 figures, 9 tables, and 6 algorithms, describes a hybrid pipeline that pairs machine learning with Lean 4, a modern interactive theorem prover, to generate machine-checkable certificates for patent analysis tasks that have historically relied on expensive human experts or opaque AI models.
Why This Matters
Patent analysis is a multibillion-dollar problem where being wrong is not just embarrassing, it is expensive. A single missed claim or botched freedom-to-operate analysis can trigger litigation costing tens of millions of dollars. Current AI-powered patent tools give you speed and plausibility, but they cannot prove they are correct. Koomullil's framework is the first, by his own account, to apply interactive theorem proving rooted in dependent type theory to intellectual property analysis, and that is a genuinely meaningful first if the approach holds up to scrutiny.
The Full Story
Patent analysis breaks down into several distinct legal and technical tasks: mapping a patent to a product, determining freedom to operate, interpreting claim construction, checking consistency across claims within a patent family, and applying the doctrine of equivalents. Each of these requires tracing relationships between technical claims, understanding dependencies, and catching edge cases that could expose a company to infringement risk. Koomullil's framework formalizes all five of these use cases through 6 algorithms.
The core architectural insight is a separation of concerns between what AI is good at and what formal verification is good at. The machine learning layer handles the semantically heavy lifting: reading patent documents, extracting claims, and assigning match scores that quantify how closely a product feature maps to a patent claim. Once those scores are bounded within fixed parameters, a directed acyclic graph algorithm called Algorithm 1b takes over. That algorithm, which Koomullil calls the DAG-coverage core, is fully machine-verified in Lean 4. The phrase "fully machine-verified" here has real weight: it means no mathematician or lawyer needs to trust the logic, because Lean 4's kernel has checked the proof.
The DAG structure is a natural fit for patent relationships. Claims within a patent often depend on one another in tree-like hierarchies, and citation relationships between patents form networks. Representing these as directed acyclic graphs lets the framework apply formal reasoning about coverage and dependency with mathematical precision. Match strengths between patent claims and product features are encoded as elements of a verified complete lattice, and confidence scores propagate through the graph using monotone functions whose correctness has been formally proven.
Not everything in the framework reaches that gold standard of full machine verification. Koomullil is candid about this. The structural lemmas, the coverage-core generator, and the closed-path identity that coverage equals W_cov are machine-verified. The higher-level theorems for the other four use cases remain what he calls "informal proof sketches," where the proof-generation functions are treated as untrusted generators whose outputs the kernel then checks for correctness, and the system performs what he describes as sorry-free axiom auditing. This is a pragmatic choice, not a weakness, and the paper is transparent about exactly where the formal guarantees stop.
There is also an important conditional on the entire system. The framework certifies the mathematical correctness of computations that happen downstream of ML scores. It does not certify that the ML scores themselves are accurate. If your AI layer miscategorizes a claim, the formal verification downstream will correctly compute the wrong answer. The paper validates the approach through a case study using a synthetic memory-module claim to demonstrate weighted coverage and construction-sensitivity analysis, with validation against real adjudicated cases listed explicitly as future work.
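A toy Lean 4 model of the monotone score propagation, the axiom audit, and the conditional guarantee described above. It is an added illustration, not code from the paper: the `Cov` type, `eval`, the 0 to 100 score range and the sample claim are all assumptions, and none of it is Algorithm 1b or W_cov.

```lean
-- Toy model, constructed for illustration; not the paper's Algorithm 1b or W_cov.
-- Scores are naturals in 0..100 supplied by the ML layer (an assumed encoding).

/-- Coverage requirement over claim elements, referenced by element id. -/
inductive Cov where
  | elem (i : Nat)     -- ML match score of claim element i
  | all (l r : Cov)    -- both parts must be met: keep the weaker score
  | any (l r : Cov)    -- alternative readings: keep the stronger score

/-- Propagate the scores `s` bottom-up through the requirement. -/
def eval (s : Nat → Nat) : Cov → Nat
  | .elem i  => s i
  | .all l r => min (eval s l) (eval s r)
  | .any l r => max (eval s l) (eval s r)

/-- Monotone: raising any input score never lowers the computed coverage. -/
theorem eval_mono {s s' : Nat → Nat} (h : ∀ i, s i ≤ s' i) (t : Cov) :
    eval s t ≤ eval s' t := by
  induction t with
  | elem i => simpa [eval] using h i
  | all l r ihl ihr => simp only [eval]; omega
  | any l r ihl ihr => simp only [eval]; omega

/-- Bounded: inputs in 0..100 give a result in 0..100. -/
theorem eval_le {s : Nat → Nat} (h : ∀ i, s i ≤ 100) (t : Cov) :
    eval s t ≤ 100 := by
  induction t with
  | elem i => simpa [eval] using h i
  | all l r ihl ihr => simp only [eval]; omega
  | any l r ihl ihr => simp only [eval]; omega

-- Constructed sample: element 0 AND (element 1 OR element 2).
def claim : Cov := .all (.elem 0) (.any (.elem 1) (.elem 2))
def scores : Nat → Nat
  | 0 => 90 | 1 => 40 | 2 => 70 | _ => 0
def misScored : Nat → Nat          -- same claim, element 1 over-scored upstream
  | 0 => 90 | 1 => 95 | 2 => 70 | _ => 0

example : eval scores claim = 70 := rfl
-- The kernel accepts this too: the arithmetic is right, the input was not.
example : eval misScored claim = 90 := rfl

-- Axiom audit: the printed list must not contain `sorryAx`.
#print axioms eval_mono
#print axioms eval_le
```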
Key Details
- Submitted to arXiv on April 20, 2026 under categories cs.AI, cs.LO, and cs.PL.
- Sole author is George Koomullil, with the paper clocking in at 100 pages.
- The framework formalizes 5 IP use cases across 6 algorithms.
- Algorithm 1b, the DAG-coverage core, achieves full machine verification in Lean 4 once match scores are bounded.
- The closed-path identity "coverage equals W_cov" is among the machine-verified results.
- The case study uses a synthetic memory-module claim, not a real adjudicated patent case.
- Validation against actual court-adjudicated cases is explicitly deferred to future work.
What's Next
Koomullil's stated next step is validating the framework against adjudicated patent cases, which will be the real test of whether machine-verified correctness translates to legally meaningful accuracy. Researchers and practitioners watching this space should look for follow-up work that bridges the synthetic case study to real-world patent disputes, particularly in semiconductor and software patent domains where claim construction battles are most expensive. If the ML scoring layer can be improved and validated independently, the conditional guarantees the framework currently offers could tighten considerably.
How This Compares
The closest parallel in the broader AI-plus-formal-verification space is the fraware project, which demonstrated formal verification for machine learning models using Lean 4 and generated enough interest to land on Hacker News in March 2025 with 52 points and active developer discussion. That project focused on verifying ML models directly, while Koomullil's approach takes the smarter near-term path of verifying the algorithmic layer downstream of ML rather than the model itself. That is a more tractable problem right now, and it is the right call.
Martin Kleppmann, writing in December 2025, argued that AI will bring formal verification from a niche academic practice into the software engineering mainstream. Koomullil's paper is concrete evidence that this prediction is already materializing in specialized domains. A separate arXiv preprint from April 2026, paper 2604.03789, tackles automated conjecture resolution with formal verification and lists a collaborative team of 16 researchers including Haocheng Ju, Guoxiong Gao, and Bin Dong, which signals that the field is attracting serious institutional resources.
What separates this patent-analysis work from other hybrid AI-verification efforts is domain specificity. General formal verification frameworks do not know what freedom-to-operate means or how the doctrine of equivalents applies across dependent claims. Koomullil built IP-specific formalizations, and that domain depth is what makes this more than an academic exercise with a novel application label slapped on it. Whether it becomes a practical tool depends on whether the ML scoring layer can be made reliable enough that the downstream formal guarantees are worth anything in a real legal context.
FAQ
Q: What is Lean 4 and why does it matter for AI? A: Lean 4 is a proof assistant that can mathematically verify whether an algorithm always behaves correctly according to its specification. It matters for AI because machine learning models are probabilistic and cannot guarantee correctness, while Lean 4 can check the logic of algorithms that process AI outputs, creating a mathematically trustworthy layer on top of inherently uncertain AI decisions.
Q: Does this system replace patent lawyers? A: No, and the paper does not claim it does. The framework verifies the mathematical correctness of patent analysis computations, but it relies on AI-generated match scores that are not themselves formally verified. Legal judgment, claim interpretation under actual case law, and courtroom strategy remain firmly in human expert territory.
Q: What is a directed acyclic graph in patent analysis? A: A directed acyclic graph, or DAG, is a structure that maps relationships between items where connections flow in one direction and never loop back on themselves. In patent analysis, it represents how claims depend on one another and how product features connect to those claims, allowing the system to trace coverage relationships precisely and check them mathematically.
The combination of formal verification and AI is moving from theoretical promise to working implementations faster than most observers expected, and patent analysis is a compelling proving ground given the financial stakes involved. Keep watching this space as validation against real adjudicated cases will determine whether this framework becomes a practical tool or remains a rigorous proof of concept.




