The Future Is Unwritten

AI and formal methods, the closing reading discussion. Share what you read, argue about where the bottleneck actually is, and post your group's takeaway.

The Readings

For Reading Reflection 4, you chose one of three readings on AI and formal methods:

• Kleppmann, AI Will Make Formal Verification Go Mainstream (2025)
• Thomas, AI Coding's Hidden Verification Premium (2026)
• de Moura, Who Watches the Provers? (2026)

Tonight we will discuss these readings in small groups. Try to mix readings within your group where you can. For the last discussion, going deep with people who read the same paper is also fine.

Discussion Protocol

Four rounds, ten minutes each.

Share (10 min)

Each person: which reading you chose, what the core claim is, and your gut reaction.

Some starting points if helpful:

• Has anyone at work seen one of the dynamics these authors describe: Thomas's productivity gap, Kleppmann's AI-generated-proof scenario, or de Moura's kernel-trust question?
• Was there a number, claim, or moment in the reading that you keep coming back to?

Debate (10 min)

The three authors locate the bottleneck in different places: Kleppmann in writing the specification, Thomas in verification skill, de Moura in the proof checker itself. Kleppmann predicts that AI is about to make proofs cheap. Thomas reports that AI generates code faster than anyone can check it. de Moura proposes that the proof checker itself needs an architectural fix: a small trusted kernel with multiple independent checkers.

Some starting points if helpful:

• Where do Kleppmann, Thomas, and de Moura actually disagree, and where would they each agree?
• In your own work, which bottleneck is real: writing the spec, telling good code from bad, or trusting the prover?
• Earlier you watched a VC Gen produce three Z3 queries that proved sum_to_n for every input. Does what you just saw match Kleppmann's prediction, Thomas's concern, or de Moura's worry?

If you reach easy consensus: what would the author of one of the other readings say to your group right now?

Converge + Post (10 min)

As a group, decide: what was the sharpest thing you argued about? Where did you land? What's one question you couldn't settle? What do you want the other groups to know?

Post your group's summary to both Ed and Gradescope.

Report-Out (10 min)

Groups share what they found. What couldn't your group settle? Did anyone change their mind? Looking back, R2 asked what would change if proofs became free, and Kleppmann argues that mechanism is arriving via AI. R3 raised the trust question through Zhou, and de Moura proposes an architectural answer. Does either move where you landed before?