Immersive understands the importance of security and privacy. We always work to ensure our users are protected. We also value innovation, so we take advantage of new, cutting-edge technologies in our products to enhance the user experience.
This document details how we use AI technologies in labs.
Immersive integrates a diverse range of AI technologies into our secure sandbox labs. These environments empower customers to learn, experiment, and upskill, confidently and safely.
You can opt out of all practical AI content. Please speak to your Immersive representative for more information.
We currently use three mechanisms to power our secure AI sandbox environments:
AWS Bedrock
AWS Bedrock provides API keys for LLMs in lab environments, which are IP address-restricted to the lab environment. This means users can interact with AI systems directly to learn how to apply security mechanisms, but within a safe and controlled sandbox environment.
API keys allow us to use LLM models (such as Anthropic’s Sonnet) in lab environments, such as in the Building with AI: Claude Code collection.
Security and privacy
Immersive’s entire AWS account (organization) has strict service control policies (SCPs) that adhere to AWS security best practices. At the organization level, Immersive has opted out of having its content used for service improvement for all AWS AI services.
As stated in the Amazon Bedrock data protection documentation:
Amazon Bedrock doesn't store or log your prompts and completions. Amazon Bedrock doesn't use your prompts and completions to train any AWS models and doesn't distribute them to third parties.
For all model providers within AWS Bedrock, in each region, AWS has a dedicated model deployment account managed by the Amazon Bedrock service team. Models are copied to these accounts from model providers. Model providers don't have access to any of these accounts, which means that any models used in AWS Bedrock are offline copies.
Our AWS Bedrock-backed lab environments implement strict least privilege credentials for any lab users or LLM API keys. The least privileged access control for temporary lab users, combined with AWS Bedrock's inherent data privacy, provides a safe sandbox where users can upskill on AI systems.
Some labs force users to implement guardrails to restrict input and output. Other labs require more freedom when using LLMs, so that you can use these models unfiltered and learn how to secure AI systems in a safe environment.
In summary:
AWS-based labs provide fine-grained access control.
AWS Bedrock never uses inputs or outputs to train models.
Any credentials to use the LLMs are locked to the lab IP address.
User permissions are extremely minimal, limited to invoking specific models required for the lab environment. These are:
Amazon Nova Micro
Amazon Titan Text Embeddings (v2)
Anthropic Sonnet
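As an added illustration (not Immersive's own policy), here is an IAM identity policy of the kind this section describes: the lab credential may only invoke the three listed Bedrock models, and only from the lab's egress address. REGION, LAB_EGRESS_IP and the exact Sonnet model version are assumptions; substitute the lab's own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "InvokeOnlyLabModelsFromLabNetwork",
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": [
        "arn:aws:bedrock:REGION::foundation-model/amazon.nova-micro-v1:0",
        "arn:aws:bedrock:REGION::foundation-model/amazon.titan-embed-text-v2:0",
        "arn:aws:bedrock:REGION::foundation-model/anthropic.claude-3-5-sonnet-20240620-v1:0"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "LAB_EGRESS_IP/32"
        }
      }
    }
  ]
}
```

Because nothing else is allowed, a request for any other model, any other Bedrock action, or from any other source address is denied by default. Note that aws:SourceIp only matches the request's public source address; if the lab reaches Bedrock through a VPC endpoint, the aws:VpcSourceIp or aws:SourceVpce condition keys apply instead.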
Microsoft Foundry
We use Microsoft Foundry in some lab environments to provide users with AI access keys, which are short-lived, rate-limited, and IP address-restricted to the lab environment.
This enables the use of additional models (such as OpenAI Codex), for use in lab environments, such as the Building with AI: Codex CLI collection.
Microsoft’s data privacy policies for Azure AI Foundry state that customer inputs (prompts) and outputs are not used to train foundation models and are not shared with other customers or external model providers (like OpenAI). Data is retained for a maximum of 30 days – only for abuse monitoring.
Google Vertex
We also use Google Vertex in some lab environments to provide users with AI access keys, which are short-lived, rate-limited, and IP address-restricted to the lab environment.
This enables the use of additional models (such as Google’s Gemini), for use in lab environments, such as the Building with AI: Gemini CLI collection.
Google's Vertex AI and zero data retention documentation state that customer inputs (prompts) and outputs are not used to train foundation models and are not shared with other customers or external model providers.
OpenAI
Some labs on our platform use OpenAI directly as the provider. The following labs use and access OpenAI generative models:
AI: Generative AI Models
AI: Prompt Injection Attacks
AI: Artificial Intelligence for Incident Responders
AI: Function Calling
AI: Demonstrate Your Skills
AI: Plugin Injection – Demonstrate Your Skills
The Beat the Bot AI challenge uses the same generative AI technology as our in-platform labs, but this lab is hosted separately and is publicly available. The user experience is identical to a number of labs in the platform, but the hosting infrastructure is separate.
Models
The labs listed above are configured to access OpenAI models via the API and not the public-facing ChatGPT web interface. This allows us to apply certain controls and provides a level of protection for our users.
Any messages sent via the API are not stored or retained by OpenAI.
Any messages sent via the API are not used to train OpenAI models.
All eight of the labs listed above, as well as the Beat the Bot challenge, use GPT-3.5 Turbo as the AI model.
System prompts and token limitations
Each in-lab user interface has an underlying system prompt that attempts to limit the conversation to the chosen topic of the lab. However, users with sufficient knowledge could craft a prompt to bypass the underlying instructions we've created and broaden the conversation.
In addition, we restrict the number of tokens that can be generated by any single message. Depending on the lab’s requirement, this number is designed to be large enough to complete each task, but not big enough to become fully conversational with the AI model.
Moderation
All messages sent to the OpenAI API are bound by moderation policies that prevent the model from returning content that falls into specific categories, such as hate or violent speech.
Further details on the OpenAI moderation classification can be found on its website.
Data transmission
All data sent to the AI via the lab is composed of data generated within the lab environment. Users can’t upload documents from outside the lab environment, and UI restrictions mean all messages are text based.
Additionally, no metadata or personally identifiable information related to the user or the organization is captured by, uploaded, or sent to the AI model.