What investigators looked for
- Exposed employee information
- Leaked credentials
- Network infrastructure vulnerabilities
- Unprotected digital assets
- Public attack surfaces
Overview
Using public data to rethink cybersecurity investigations
Small businesses are frequent targets of cyberattacks but often lack the expertise or resources to conduct thorough security assessments. Traditional vulnerability assessments require specialized technical skills, internal system access, and significant time investment.
In this project, I explored whether open-source intelligence, information available publicly on the web, could be used to conduct meaningful vulnerability assessments for organizations.
OSINT investigations are complex. Analysts must sift through noisy public data, verify evidence, coordinate findings, and document investigative workflows. To address those challenges, I designed and studied an OSINT Clinic where student investigators collaboratively conducted vulnerability assessments using only publicly available data, then explored how generative AI could augment that workflow.
This work resulted in a longitudinal co-design study and real-world pilot deployments with small businesses, culminating in design insights for AI-augmented investigative systems.
Format
Longitudinal co-design study
An academic-year study combining participatory workshops, probes, and real-world pilot investigations.
Domain
Cybersecurity investigations
Focused on scalable vulnerability assessment using only publicly available information.
The Problem
Small businesses face risk, but traditional assessment models do not scale
Small businesses face serious cybersecurity risks but often lack the resources to conduct vulnerability assessments. According to industry reports, 43% of cyber breaches target small businesses, yet many organizations do not have the expertise to identify potential attack surfaces.
Cybersecurity clinics have emerged as a promising model, where students perform security assessments while gaining hands-on experience. But traditional clinics depend on internal system access, specialized security tools, and high levels of technical expertise, which limits how scalable the model can be.
I explored a different approach: what if vulnerability assessments could be conducted using only publicly available data? That question led to the OSINT Clinic.
My Role
Led the research and design of the OSINT Clinic program
Research framing
I framed the research questions and defined the clinic as a UX research problem around collaboration, scalability, and AI augmentation.
Program and system design
I designed the OSINT clinic model, participatory co-design process, and AI design probes used to test support concepts.
Longitudinal UX research
I conducted the longitudinal study, analyzed collaborative investigation workflows, and traced how novice expertise developed over time.
Design synthesis
I translated findings into design implications for AI-augmented investigative systems in sensitive domains.
Research Questions
Four questions guided the clinic and the AI strategy
How can vulnerability assessments be scaled using OSINT?
What challenges arise in collaborative OSINT investigations?
How can generative AI support novice investigators?
How can AI be integrated into real-world investigative workflows?
What I Designed
The OSINT Clinic
The OSINT Clinic is a collaborative investigation program where student analysts conduct cybersecurity vulnerability assessments using publicly available information.
OSINT techniques used
- Social media investigation
- Satellite imagery analysis
- Network scanning tools
- Breach databases
- Website infrastructure inspection
Collaborative investigation workspace
The clinic provided a structured environment where students collaborated on real investigations, coordinated evidence, and tested where AI support could be useful.
Because OSINT relies only on public data, the approach avoids risks associated with internal network access while still revealing meaningful security insights.
Study Design
Longitudinal co-design study across an academic year
The study involved six undergraduate student investigators working collaboratively in the clinic. Students met twice weekly for training, practice investigations, and design workshops.
6
student investigators in the longitudinal study
3
real small businesses assessed in the final phase
3
phases spanning workshop, probe design, and pilot deployment
Identifying challenges in OSINT investigations
Through participatory workshops, students mapped investigative workflows using a structured design canvas. This surfaced challenges in planning, collecting relevant data, verifying sources, analyzing large volumes of information, documenting evidence, and coordinating across uneven expertise.
Co-designing AI support
I introduced generative AI probes to explore how AI could augment investigation workflows. We experimented with AI-generated investigative prompts, workflow support tools, collaboration platform features, and structured prompt libraries for generating leads, summarizing findings, organizing evidence, and guiding novice analysts.
Real-world investigations
Students conducted vulnerability assessments for three real small businesses. The AI-augmented workflows were used during these investigations to evaluate their practical value and expose both the benefits and limits of integrating AI into investigative work.
Key UX Insights
What collaborative investigation work actually needed
Investigative work is deeply collaborative
Teams had to coordinate across sources, verify each other’s findings, and synthesize fragmented evidence. Students often struggled to maintain shared awareness of what had been investigated, which leads were promising, and who owned each task.
Novice investigators struggle with exploration
Students often did not know where to start, how to pivot when a lead failed, or which tools fit a given task. AI prompts were especially helpful for generating investigative directions and reducing the blank-page problem.
AI can scaffold expertise
Generative AI helped bridge knowledge gaps by suggesting investigative strategies, summarizing large volumes of data, and helping students structure reports. That allowed novice analysts to approach work that normally requires deeper domain expertise.
Trust and privacy are major barriers
Students were cautious about sharing sensitive investigation details with AI systems, relying too heavily on AI outputs, and maintaining ethical standards. This exposed a socio-technical gap between AI capability and trust in sensitive domains.
Design Implications
Principles for AI-augmented investigative systems
Support exploration, not replacement
Investigative work requires human judgment. AI should generate leads and structure workflows rather than provide final answers.
Make collaboration awareness explicit
Investigative tools should help teams maintain shared awareness of ongoing leads, evidence collected, and investigation progress.
Scaffold learning
AI can help novice investigators develop expertise through guided workflows, prompts, and structure rather than simple automation.
Design for transparency in sensitive domains
Investigators need to understand how AI produced its outputs to maintain trust, accountability, and ethical standards.
Impact
Human-centered design for scalable cybersecurity investigations
The OSINT Clinic demonstrates how human-centered design can transform complex investigative workflows.
Key contributions include a scalable model for OSINT-based vulnerability assessments, a co-design methodology for AI-augmented investigations, empirical insights into collaborative OSINT workflows, and design guidelines for AI-supported investigative systems.
The project showed that AI is most valuable in cybersecurity investigations when it helps novice teams explore, coordinate, and learn, without displacing the human judgment required for sensitive work.
Research takeaway