
What CVE-2026-25253 Taught Me About Building Safe AI Assistants
Sam Lavigne's "Slow LLM" art project — where an AI takes two days to generate a haiku — is getting a lot of attention right now. The premise: force people to confront how dependent they've become on instant AI responses. But while everyone's debating AI dependency, a different problem is quietly burning: AI assistants are leaking private data through vulnerabilities nobody's auditing. CVE-2026-25253 is exhibit A.

What Happened

The vulnerability hit WebSocket handlers in three major AI assistant platforms. The attack path was simple: malformed payloads forced assistants to echo conversation history — including fragments from other users' sessions.

Not theoretical. 42,000 AI assistant instances were affected before patches shipped. Real users. Real data.

The leaked data wasn't even "sensitive" on its own. Names. Email fragments. Partial addresses. The kind of thing apps routinely send to AI APIs: "Help me draft a reply to John Smith at acme@example.com." In isolation, each fragment look
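The defensive shape that the cross-session leak under "What Happened" calls for, as an added illustration (not code from any of the affected platforms, and not a reconstruction of the CVE's actual root cause): conversation history is keyed by the session bound to the socket at handshake, every inbound frame is checked against a strict shape, and a malformed frame gets a constant error reply rather than any echo of input or state. The session ids, frame schema and stub model call are assumed for the example.

```javascript
// Added example: session-scoped history plus strict frame validation for an
// assistant WebSocket handler. Session ids and the frame schema are assumptions.

const MAX_FRAME_BYTES = 16 * 1024;
const MAX_TEXT_CHARS = 4000;

// History lives in a Map keyed by the session id bound to the socket at
// handshake time, never in one shared buffer that every connection can reach.
class SessionStore {
  constructor() { this.histories = new Map(); }
  append(sessionId, role, content) {
    if (!this.histories.has(sessionId)) this.histories.set(sessionId, []);
    this.histories.get(sessionId).push({ role, content });
  }
  history(sessionId) { return this.histories.get(sessionId) || []; }
}

// Strict shape check: exactly the two fields we expect, with bounded sizes.
// Returns null for anything else; the caller never sees the raw input again.
function parseFrame(raw) {
  if (typeof raw !== 'string' || raw.length > MAX_FRAME_BYTES) return null;
  let msg;
  try { msg = JSON.parse(raw); } catch (e) { return null; }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) return null;
  if (Object.keys(msg).length !== 2) return null;
  if (msg.type !== 'message' || typeof msg.text !== 'string') return null;
  if (msg.text.length === 0 || msg.text.length > MAX_TEXT_CHARS) return null;
  return { type: 'message', text: msg.text };
}

// Handle one inbound frame for the session bound to this socket. On a bad
// frame the reply is a constant error object: no raw input, no history.
function handleFrame(store, sessionId, raw, generateReply) {
  const frame = parseFrame(raw);
  if (frame === null) return { type: 'error', code: 'invalid_frame' };
  store.append(sessionId, 'user', frame.text);
  // The model only ever sees this session's own context.
  const reply = generateReply(store.history(sessionId));
  store.append(sessionId, 'assistant', reply);
  return { type: 'message', text: reply };
}

// Stand-in for the model call so the example runs offline (assumed, not a real API).
function stubReply(history) { return `ack ${history.length}`; }
```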
Continue reading on Dev.to Webdev



