Interactives are learning activities that run in a student’s browser, created by you with the help of an AI builder. They are designed with multiple layers of protection to keep you and your students safe and prevent misuse.
- Runs in a secure sandbox: Every interactive runs inside an isolated container in the browser. It cannot access tabs, navigate away from the page, or read other cookies or login session. Even if the AI generates unexpected code, it stays contained.
- Only pre-approved libraries: Unlike other vibe-coding platforms, Cogniti Interactives only draw from a set of pre-approved ‘libraries’ or plugins to power its functionality, preventing the Interactive from pulling in untrusted scripts.
- Network restrictions: Code inside an interactive can only communicate with the Cogniti server — it cannot send data to external websites or services.
- Permission controls: Educators control exactly who can find, use, edit, and clone each interactive. New interactives default to restrictive settings. Educators can widen access as needed, and grant co-owner access to colleagues.
- AI helper safeguards: When an interactive includes AI-powered features (like hints or answer checking), each student session has a usage budget. Once the budget is reached, further AI requests are blocked. Session tokens are single-use and expire automatically. Interactions with AI-powered features within the Interactive are also passed through AI content safety filters.
- Content sanitisation: Any text authored by educators (such as instructions) is cleaned to remove potentially harmful content before it is shown to students.
- Safe cloning: When an Interactive is cloned, the copy starts with restricted permissions and is unpublished by default. Only resources and AI agents the cloning user has access to are carried over.
- File Security: Uploaded resources (images, data files) are stored securely and scanned for malware. They are only accessible to users who can run the Interactive.
- Monitoring & audit: All significant actions — creating, editing, deleting, and AI usage — are logged for accountability and troubleshooting.
