L0.3 — Environment setup & sanity check (Lab)¶
Type: Lab · Duration: ~45 min · Status: Mandatory Module: Module 0 — Orientation & Environment Setup Framework tags: course-wide enablement — no specific tag
Goal of the lab¶
Get your lab environment fully operational and verify every tool you'll use across the course: Python toolchain, container runtime, local LLM (Ollama), API access (OpenAI or Anthropic), the course repo, and a working "Hello, world" against a real model.
Why this matters¶
Two of the three highest sources of dropout in technical training are Day-1 environment failures and unverified API access. This lab kills both. Every lab that comes after assumes the checks at the end of this one pass.
Prerequisites¶
- Skills assumed: comfort with a Linux shell (cd, ls, cat, env vars), basic Python (read & run a script).
- Lessons completed: L0.1, L0.2.
- Accounts you need before starting: an OpenAI account or an Anthropic account with at least $5 in credit. We don't need both; pick one. We'll use whichever you choose throughout the course.
What you'll build / verify¶
- A working Python 3.11+ environment with
uvas the package manager and the course dependencies installed. - Docker running, with a pulled
python:3.11-slimbase image cached. - Ollama installed with
llama3.2:3bpulled and responding. - API access verified: a one-line script that calls your chosen provider and prints a completion.
- The course repo cloned at
/workspace/ai-sec-course. - A passing
sanity-check.pyrun that exercises every dependency.
Steps¶
Step 1 — Open your lab environment¶
Click the Start Lab button in the right pane. After a few seconds you'll get a terminal prompt:
This is a real Linux container, pre-provisioned with everything you need. You can ls /workspace to see the lab files. The environment auto-resets if you break it, so explore freely.
Step 2 — Verify the Python toolchain¶
We use uv instead of pip + venv. It's faster, the lockfile is reliable, and one tool handles environments + dependencies + Python versions.
Expected output:
If you see command not found: uv — your container provisioned without uv. Open the help channel; this is a platform-side bug, not yours.
Step 3 — Install the course dependencies¶
Expected output (last lines):
You can spot-check what was installed:
You should see entries like openai, anthropic, langchain, chromadb, transformers, torch, garak, promptfoo — the full toolkit for the course.
Step 4 — Verify Docker¶
Several later labs use Docker to spin up vulnerable-by-design target apps. Confirm Docker is running and the base image is cached:
Expected output:
Client: Docker Engine - Community
Version: 24.x.x ...
Server: Docker Engine - Community
Engine: ...
python 3.11-slim <hash> <date> ~150MB
If you see Cannot connect to the Docker daemon — wait 30 seconds and re-run; the daemon may still be starting. If it persists, restart the lab.
Step 5 — Verify Ollama and pull a local model¶
We use Ollama in several labs so you have an LLM you can hammer without hitting API rate limits or burning credits.
The pull is ~2 GB; expect 1–3 minutes on the lab network.
Expected output (final lines):
pulling manifest
pulling <hash>... 100%
verifying sha256 digest
writing manifest
removing any unused layers
success
Confirm it runs:
Expected output: any five-word greeting. Models don't always count perfectly; that's normal.
Step 6 — Verify your API provider¶
You picked OpenAI or Anthropic in prerequisites. Set the corresponding env var. Never paste your raw key into a script that may be checked in — set it as an env var.
If you chose OpenAI:
If you chose Anthropic:
export ANTHROPIC_API_KEY="sk-ant-..."
echo "ANTHROPIC_API_KEY set to: ${ANTHROPIC_API_KEY:0:11}...(redacted)"
Now run the provider hello-world:
Expected output (one of):
orIf you see AuthenticationError — your key is wrong or has no credit. Fix the key and re-run.
If you see Insufficient quota — add at least $5 in credit on the provider dashboard.
Step 7 — Run the full sanity check¶
This single command exercises every dependency we just installed and prints a green check or red X for each.
Expected output:
[✓] Python 3.11+
[✓] uv environment synced
[✓] Docker daemon reachable
[✓] Ollama running, llama3.2:3b available
[✓] Provider API reachable (OpenAI | Anthropic)
[✓] Course repo at /workspace/ai-sec-course
[✓] LangChain importable
[✓] ChromaDB importable
[✓] Transformers importable
[✓] Torch importable (CPU)
[✓] Garak importable
[✓] promptfoo CLI on PATH
ALL CHECKS PASSED — you're ready for Module 1.
If any line shows [✗], scroll up to find the error and fix it before moving on.
Step 8 — Bookmark your help channel¶
Click the Help icon in the platform sidebar. That's where you go when you're stuck on any lab. Real humans, not a bot.
What just happened (debrief)¶
You just stood up an AI security engineer's working environment. Let's name what you have, because you'll use every piece of it later in the course.
uv + the course repo give you a reproducible Python environment. Every lab references a script in this repo, and the same uv sync will work tomorrow as it did today. Reproducibility is not a nice-to-have in security work; it's how you defend a finding.
Docker is your target-app substrate. Several labs ship a deliberately vulnerable LLM application as a container. You'll attack the container, not the platform — that's how you can practice safely.
Ollama + llama3.2:3b is your unlimited local LLM. When we run attacks that need hundreds of queries (membership inference, extraction, fuzzing), you'll use Ollama so you don't burn through API credit. Llama 3.2 3B is small enough to run on the lab's CPU and large enough to demonstrate every attack technique.
Your provider API key (OpenAI or Anthropic) gives you a frontier-quality model to compare with. The same prompt that fails on a 3B local model often succeeds against a frontier model — and the same defense that works on a frontier model often misses things a smaller model exposes. Cross-checking is its own skill.
The sanity-check script is your friend. Re-run it any time a lab refuses to start; it usually surfaces the broken dependency in under five seconds.
A note on cost: across the whole course, expect ~$5–15 in provider API usage if you use a frontier model (more if you go heavy on optional extension challenges). You can do the entire mandatory track on Ollama alone if cost is a concern, with the trade-off that some defense lessons (e.g., comparing guardrail behavior on GPT-4o vs Claude vs Llama) will be less vivid.
Extension challenges (optional)¶
- Easy. Re-run
scripts/hello_provider.pywith a different prompt — ask the model to introduce itself. Notice how each provider has a slightly different "voice"; that's the system-prompt and RLHF differences talking. - Medium. Pull a second Ollama model —
mistral:7borphi3.5— and compare the responses to the same prompt. Make a one-page note on differences you observe; you'll need this intuition in Module 3. - Hard. Install the
garakCLI (it's already inuv's environment — tryuv run garak --help) and run its smallest probe set against your Ollama endpoint. Don't worry about the results yet; you'll learn to read them in Module 7. This is just a "does the pipeline work end-to-end" test.
References¶
uvdocumentation — https://docs.astral.sh/uv/- Ollama — https://ollama.com/
- OpenAI API reference — https://platform.openai.com/docs/api-reference
- Anthropic API reference — https://docs.anthropic.com/
- Garak — https://github.com/NVIDIA/garak
Provisioning spec (for lab platform admin, NOT shown to learner)¶
Container base image: aisec/labs-base:0.1 (custom image; recipe below)
Base OS: Debian 12 slim
Pre-installed system packages:
python3.11 python3.11-dev
build-essential
git curl wget jq unzip
docker.io # docker-in-docker
ca-certificates
Pre-installed CLIs:
- uv (Astral) — latest stable
- ollama — latest stable, with llama3.2:3b pre-pulled in the image to skip Step 5's download (~2 GB image bloat; trade size for first-run UX)
- docker (rootless or sibling, platform dependent)
Course repo location:
- Cloned read-write to /workspace/ai-sec-course from git@github.com:silas-asfela/ai-sec-course.git (private until launch)
- uv sync pre-run during image build so dependencies are warm
Python deps installed via uv sync (excerpt — full list in repo pyproject.toml):
openai>=1.40
anthropic>=0.40
langchain>=0.3
langchain-community
chromadb>=0.5
transformers>=4.45
torch>=2.4 # CPU build
sentence-transformers
garak>=0.10
promptfoo # via npm; see below
picklescan
modelscan
pytest
jupyter
Node-based CLIs:
- promptfoo via npm i -g promptfoo during image build
Environment variables (per-learner):
- OPENAI_API_KEY — optional; learner supplies their own
- ANTHROPIC_API_KEY — optional; learner supplies their own
- OLLAMA_HOST=http://localhost:11434 — set
- HUGGINGFACE_HUB_CACHE=/workspace/.cache/huggingface — set
- PYTHONUNBUFFERED=1 — set
Pre-loaded files:
- /workspace/ai-sec-course/ — full course repo
- /workspace/ai-sec-course/scripts/hello_provider.py — provider hello-world (used in Step 6)
- /workspace/ai-sec-course/scripts/sanity_check.py — full sanity check (Step 7)
- /workspace/.cache/ollama/models/ — pre-pulled llama3.2:3b
Network access required:
- Egress: api.openai.com, api.anthropic.com, huggingface.co, *.ollama.com, github.com, pypi.org, registry.npmjs.org, *.docker.io
- Ingress: none
Resource footprint: - Container image size target: ≤ 6 GB (3.5 GB without Ollama model preload) - Memory: 4 GB minimum, 8 GB recommended for Module 5+6 - Idle timeout: 60 min - Max lab session: 4 hours (learner can restart)
Notes for platform admin: - Llama 3.2 3B fits on CPU but is slow (~5–10 tok/s). If lab platform supports GPU instances, allocate one optional GPU tier for Modules 5–6 where lab speed materially affects experience. - API keys are learner-supplied, NOT platform-supplied — we are not on the hook for OpenAI/Anthropic billing. Document this clearly at signup. - Docker-in-docker is required from Module 3 onward. If the chosen lab platform doesn't support DinD, we'll need to migrate the vulnerable target apps to be processes inside the lab container instead — flag early.