LLMs are good at language and bad at logic. Datalog is good at logic and bad at language. Turns out you can bolt them together and get something that actually works.
A pattern I keep coming back to in security tooling: the LLM reads vulnerability descriptions, network configs, and documentation in natural language. It translates those into Datalog facts and rules. Then Datalog does what Datalog does — derives all logical consequences, finds attack paths, and produces proof trees.
The proof trees are the key part. When the system says “host X is reachable from host Y via this path,” it’s not a probabilistic guess. It’s a derivation you can follow step by step. The LLM’s job is translation, not reasoning.
This is what I mean by “agents that prove things.” The LLM is the interface layer. The formal system is the reasoning layer. Neither is sufficient alone.
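The reasoning layer described above, as an added example that is not the author's tooling: a minimal bottom-up Datalog evaluator in Python that derives reachability to a fixpoint and keeps a proof for every derived fact. The host names, the `connects` and `reach` predicates, and the two rules are constructed for illustration; in the pattern above the facts would come from the LLM translation step.

```python
# Constructed input standing in for LLM-emitted facts; capitalised terms are variables.
FACTS = [("connects", "internet", "web"), ("connects", "web", "app"),
         ("connects", "app", "db"), ("connects", "hr", "printer")]
RULES = [(("reach", "X", "Y"), [("connects", "X", "Y")]),
         (("reach", "X", "Z"), [("reach", "X", "Y"), ("connects", "Y", "Z")])]

def match(pattern, fact, env):
    """Unify one body atom with a ground fact; return extended bindings or None."""
    if len(pattern) != len(fact) or pattern[0] != fact[0]:
        return None
    env = dict(env)
    for p, f in zip(pattern[1:], fact[1:]):
        # variable: bind it or compare with its binding; constant: must be equal
        if (env.setdefault(p, f) if p[:1].isupper() else p) != f:
            return None
    return env

def solve(body, known, env, used=()):
    """Yield (bindings, premises) for every way to satisfy the rule body."""
    if not body:
        yield env, used
        return
    for fact in known:
        e = match(body[0], fact, env)
        if e is not None:
            yield from solve(body[1:], known, e, used + (fact,))

def derive(facts, rules):
    """Naive bottom-up evaluation to a fixpoint, keeping the first proof of each fact."""
    proofs = {f: None for f in facts}       # None marks a base fact
    changed = True
    while changed:
        changed = False
        for head, body in rules:
            for env, used in list(solve(body, list(proofs), {})):
                new = (head[0],) + tuple(env.get(t, t) for t in head[1:])
                if new not in proofs:
                    proofs[new], changed = used, True
    return proofs

def proof_tree(fact, proofs, depth=0):
    """Render the derivation of a fact as indented lines, premises below conclusions."""
    label = "  " * depth + "%s(%s)" % (fact[0], ", ".join(fact[1:]))
    lines = [label + ("  [base fact]" if proofs[fact] is None else "")]
    for premise in proofs[fact] or ():
        lines += proof_tree(premise, proofs, depth + 1)
    return lines

if __name__ == "__main__":
    print("\n".join(proof_tree(("reach", "internet", "db"), derive(FACTS, RULES))))
```

Every leaf of the printed tree is a base fact, so a wrong conclusion traces back to a specific translated fact that can be checked against the source config. `reach(internet, printer)` is never derived because no `connects` fact links the two segments.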
Open question: how far can you push this pattern? Datalog works for attack graphs because the domain is naturally relational. What about domains that aren’t?