Science for good — using AI and cybersecurity to aid social integration for refugees
Together with our clients, Netlight creates positive change in society by implementing digital transformation. We also collaborate with local and global non-governmental organizations (NGOs) to accelerate societal improvements. This time, we highlight consultant Sinan Saka who explores the fields of AI and Cybersecurity for employment platform Startup Refugees.
The Discovery
With innovation at our core, Netlight is constantly producing new ways to support NGOs. In one of our brainstorming sessions, we discussed how to bridge the gap between science and charity. Our hypothesis was that NGOs lacked the resources to spend on R&D which slowed down their ability to innovate. After reaching out to many NGOs in Finland, we realized that this hypothesis was valid.
“Social Impact for Netlight is about using what we are good at — tech consulting — to improve people’s lives. When we partner with organizations who are great at what they do within the non-profit and social impact sphere, we can amplify the end-result together” says Anna Routti, Senior Manager at Netlight Helsinki.
One of these NGOs is Startup Refugees. Startup Refugees is a social innovation organization that offers asylum seekers, refugees, and other immigrants a chance to lay a foundation for a professional life in Finland. Currently, they’re helping 9.2k+ people to find employment, develop professional skills, and start businesses — and so far, Startup Refugees has put over 1650 people in employment and trained close to 1000 entrepreneurs. Some truly remarkable numbers, considering that the NGO only has around 20 employees.
Collaborations with academic institutions can be cumbersome and slow due to their large scale of operations. On the contrary, young researchers who are working on their master’s degree can be an agile asset for NGOs — with creative freedom and dedicated time to spend on research.
That is where I came in. I was at the time in the last stage of my joint master’s degree in Security and Cloud Computing at Aalto University and KTH Royal Institute of Technology.
A collaborative innovation: Match by Startup Refugees
Match is a tool developed together with both personal and corporate volunteers for Startup Refugees. It currently hosts over 9000 newcomer profiles, providing comprehensive information about individuals’ education, work experience, skills, motivation, wishes, and requirements for the next career step. Additionally, the tool assesses interest in entrepreneurship and potential business ideas.
This ensures that when job opportunities, mentoring, or other forms of support are offered through the platform, they are meticulously matched to individuals with specific and genuine needs.
Startup Refugees has always been proactive about data security and privacy in Match. Earning the trust of thousands of people to store their confidential information is a challenging task. Ensuring data safety requires a comprehensive approach to cybersecurity. The people involved with the project realized this early on and built it with security in mind. Like all companies, Startup Refugees had rising concerns about protecting their customers and wanted to improve their preparedness.
Additionally, global instability also increased the rate of refugees and immigrants arriving to Finland. Five years after its inception, Match was having difficulty catching up with the speed of onboarding newcomers.
“When it comes to social impact, it is not enough for a company to articulate its commitment to social change; the true measure of impact lies in the ability to actually walk the talk. Netlight is supporting us with Match in concrete and measurable ways. This collaboration has a direct impact on the inclusion of refugees, asylum seekers and migrants” says Aicha Manai, CEO of Startup Refugees.
The Investigation
Creating academic literature that is not only sophisticated and accessible to users who might not be tech-savvy is a challenging task. As part of our initiative, it was important to understand the needs of the end-users, ensuring that any technological intervention is practical and beneficial in real-life scenarios.
I spent a month assessing the state of Match from end-to-end. I had conversations with various teams at Startup Refugees to fully understand the root causes and triggers of the problems they have been facing. Furthermore, I wanted to get a glimpse of how the end users interacted with the application to understand their perspective. So, I joined a Match Clinic, an event where job seeking refugees and immigrants can meet members of Startup Refugee community to get 1-on-1 guidance on creating their CV. Thanks to this event, I had a direct and clear picture on how our work improved people’s lives.
The person who I had day to day contact with about the application was Mustafa. He is a Community Coordinator and IT specialist at Startup Refugees, on top of studying IoT (Internet of Things) and getting hands-on with cloud services. He has worked in Startup Refugees for around 2.5 years and is still passionate about the impact they make every day. He was the only technical person in the organization working on Match, however, due to his many other responsibilities his time was quite limited. This meant that any solution I created would have to be simple, fast and with no/minimal maintenance.
Realizing I could only tackle one of the problems in the thesis period, I decided to focus on their cybersecurity matters. To solve their speed and scaling related issues, I called in the cavalry from Netlight. With additional consultants joining me on this quest, we quickly became a team of 3.
“Match is a backbone to our daily bases work and boosts our productivity, Netlight have read this and offered the support and provided experts with the right skills.” — Mustafa Aal-sahek, Startup Refugees
The research
After multiple months of research and development, I finally published “KARTAL: Web Application Vulnerability Hunting Using Large Language Models”. State-of-the-art (SOTA) research has introduced hybrid application security testing tools, algorithmic brute forcers, and artificial intelligence, showing great promise in vulnerability detection. However, a gap existed in research when it comes to reliably identifying logical and context-dependent Broken Access Control vulnerabilities. Addressing this gap, I developed KARTAL — a new method for web application vulnerability detection that leverages a Large Language Model (LLM). KARTAL consists of three key components: the Fuzzer, the Prompter, and the Detector.
The Fuzzer is responsible for methodically collecting application behavior. It serves as the foundation for understanding the intricacies of the web application’s functionality. The Prompter processes the data collected by the Fuzzer and formulate a prompt. This step is crucial in preparing the information for the subsequent vulnerability detection process. The Detector utilizes a finely tuned LLM designed specifically for detecting vulnerabilities. This component is at the forefront of our innovative approach to identifying Broken Access Control issues.
One of KARTAL’s strengths lies in its dynamic properties, enabling inference-time adaptation to the application domain. This adaptability significantly reduces false positives, enhancing the overall reliability of vulnerability detection. Additionally, its lightweight architecture enables it to be run even on a consumer-grade laptop.
The Results
After the project was completed, we received great feedback from Startup Refugees and saw the fruits of our labor. The team felt contentment knowing that they added new measures and improved the security standing of Match overall. Additionally, the application was performing significantly faster, allowing the recruitment team to reach out to more people.
“Matching now is smooth and fast; we feel safer and assured about storing client data. Netlight provides practical and client focused solutions. Together we have developed a new roadmap based on the work done to keep Match on ongoing development to adapt our needs and client base growing” — Mustafa comments.
As per, the Netlight teamwork made the dream work. Aside from the engineering team which included Eetu, Mia, and me, we also onboarded product and leadership consultants Anna-Sofia, Nina, Mariam, and Anna. This was truly a team effort. When I asked, Mustafa described Netlight as collaboration-first, trustworthy, and innovative — I could not have said it better myself!
“I have experienced that Mustafa, Maiju and Aicha at Startup Refugees are continuously seeking new ways to improve the integration of refugees into the Finnish society, by combining entrepreneurial spirit with the needs of people in a fragile position in society. It’s very inspiring and I have learned a lot personally” — concludes Anna Routti.
Conclusion
This story serves as a testament to the possibilities that arise when academia, industry, and social impact converge. It highlights the importance of not compromising on creative problem-solving while staying true to the scientific body of knowledge.
We are proud to be working with Startup Refugees and feel rejuvenated every time we solve demanding tests that we are faced with. Stay tuned for more stories from our work!
Feel free to reach out to me if you have any questions related to the research.
Disclaimer
Netlight is a leading digital consultancy company providing a full range of consultancy services from tech and data to design and management. Our 2000+ consultants in our Stockholm, Oslo, Helsinki, Copenhagen, Munich, Hamburg, Berlin, Frankfurt, Zurich, Cologne, and Amsterdam offices help to make aspiring digital leaders successful.
