“Wait, I’m giving my toddler access to AI that can write code?”
Yes. And it’s safer than handing them YouTube. Here’s how to do it right.
First: What’s an API Key?
Think of it as a password that lets the AI do its work. You need one, it costs a little money when it’s used, and you really don’t want it public. That’s the whole concept.
The Basic Safety Setup
1. Set spending limits (2 minutes)
Every AI service lets you set a monthly cap. I set mine to $10. My toddler would have to build something like 500 games to hit it, and when the limit’s reached, the thing just stops working. No surprise bills.
2. Use a password manager (already done, right?)
Your API key goes in your password manager, not on a sticky note. I use 1Password, but Bitwarden is free and excellent. Copy-paste it when you need it.
3. Separate user account (5 minutes)
Create a “Family Coding” user on your computer with nothing but VS Code and a browser. No email, no shopping sites, no saved passwords. That’s your coding sandbox.
The Advanced Move: Devcontainers
Want bulletproof? Devcontainers isolate the AI’s environment completely – like giving it its own little computer inside your computer. It can’t touch your files, can’t see your system, can’t do anything outside its box.
Here’s a simple setup. Create a folder called .devcontainer and a file inside it called devcontainer.json.
.devcontainer/devcontainer.json:
{ “name”: “Toddler Dev Environment”, “image”: “mcr.microsoft.com/devcontainers/javascript-node:1-20”, “features”: { “ghcr.io/devcontainers/features/common-utils:2”: {} }, “customizations”: { “vscode”: { “extensions”: [ “anthropic.claude-code” ], “settings”: { “editor.fontSize”: 20, “editor.wordWrap”: “on”, “files.autoSave”: “afterDelay”, “files.autoSaveDelay”: 1000, “terminal.integrated.fontSize”: 16, } } }, “postCreateCommand”: “npm install -g @anthropic-ai/claude-code”, “remoteUser”: “node” }
Save it, restart VS Code, and it’ll ask whether you want to open in a container. Say yes. Now the AI can only work inside this sealed environment.
What Can Actually Go Wrong?
Let’s be realistic about the risks.
Could the AI write weird code?
Theoretically, yes. In practice, your toddler is asking for truck games, not bitcoin miners. And you’re watching the whole time.
Could they rack up huge bills?
Not with spending limits. $10 max means $10 max.
Could they accidentally delete files?
Nothing unrecoverable, if you’re using a devcontainer.
The Reality Check
I’ve been doing this for months. The worst thing that’s ever happened? My son asked the AI to “make everything green,” and it did. Everything. The horror.
Your toddler is safer building games with AI than:
- Watching YouTube (no algorithm nudging them toward weird videos)
- Playing mobile games (no ads, no in-app purchases)
- Using kid apps (no data collection)
The One Rule That Matters
You’re always there.
This isn’t your typical screen time. You’re sitting together, typing their words, watching the thing come to life. You’re the filter, the guide, and the emergency stop button – worth more than any technical safety measure I could list.
Your Action Items
- Get an API key (Claude or OpenAI)
- Set a $10 monthly limit
- Put the key in your password manager
- Create that devcontainer file (optional but recommended)
- Start building!
We’re living in a moment where a 2-year-old’s imagination can become real in minutes. Safely. Easily. Together.
When my son says “Make a race car game!” and we actually make it, I watch his sense of what’s possible widen in real time. He’s learning that computers aren’t mysterious boxes; they’re creative partners. He’s discovering that his ideas have value – that he can build, and not only consume.
And it’s all happening safely, with you right there, guiding the adventure. Safe and a little bit magical, both at once.
Security questions? Reply and ask. I’ve almost certainly overthought it already, so you don’t have to.