How AI Can Elevate Risk Judgment and Decision-Making
A Travel Risk Intelligence Theater Case Study
AI is already measurably advancing natural hazard forecasting, medical diagnostics, and drug discovery and development—domains representing humanity's oldest survival challenges. Yet in high-income nations, where poverty and access are less problematic, most casualties stem not from 'acts of God' but from preventable causes: poor risk awareness, innumeracy, and flawed decision-making—what we call low safe-esteem.
In the "Risk Competency Illusion," I argued that many professional domains trafficking in risk intelligence amount to little more than sophisticated theater—elaborate frameworks and terminology masking fundamental analytical shortcomings. I also highlighted our ignorance, mental fog, and the many biases that plague our risk thinking and communication.
My startup and our consulting work focus on addressing this gap by demonstrating how AI-augmented solutions can improve personal and organizational risk intelligence and decision-making. We can do this today because instead of seeking theoretical perfection, we focus on significant improvements over existing practices. The key question is not whether AI/ML can provide flawless risk assessments, but whether it can help overcome the cognitive and methodological limitations of current competencies and methods.
The Travel Risk Intelligence and Management industry offers a particularly interesting case study of these challenges. When I recently posted about several well-documented shortcomings of a popular travel security rating system, the response from an industry veteran—and, more significantly, the numerous endorsements from security professionals, including Chief Security Officers—provided a wealth of insights, exemplifying these challenges.1
Why Should You Care?
Whether you're a seasoned professional in a risk-centric industry, an AI entrepreneur, or simply someone interested in making better safety decisions, it's crucial to recognize the ambiguity, cognitive biases, and social signaling that shroud most risk information (especially on Social Media).
Detailed examinations of exchanges like the one that follows aim not to argue or attack but to encourage metacognition—becoming aware of our internal risk "calculations" through real, familiar examples. This awareness represents a crucial first step toward enhanced safe-esteem and better risk judgment (and developing AI solutions for it).
Most of us rarely engage in conscious risk evaluation during our daily routines. It's when we contemplate unfamiliar circumstances—particularly travel to new destinations—that we actively seek to understand potential threats and hazards. This makes travel risk intelligence particularly significant: not only is it arguably the second most widely consumed form of formal risk assessment globally (after severe weather warnings), but it often serves as our primary framework for evaluating unfamiliar environments.
How we interpret and act upon these assessments can profoundly impact our decision-making, from choice of accommodation to daily movement patterns in a foreign city.
The Insightful Exchange
My post:
And here’s the response filled with insights:
To make the most of this exercise, consider forming your own critique before reading further: Are there obvious problems with either statement? What methodological assumptions are being made? Where might cognitive biases be influencing the analysis?
(The author’s name has been changed to John Doe (JD) in the following analysis to protect their privacy. Heaven knows, very smart people often make very foolish statements online.)
The AI analysis of the response:
Now, picture having a personal ‘risk expert’ advisor—a skilled AI assistant who can guide you through the vast ocean of risk intelligence while you browse the web and check your inbox.
Here’s how our AI agent could assist you: (This would be TMI for most but critical for risk intelligence professionals concerned with black-box AI solutions. You can skip it and get the quick summary below.)
Below is a detailed, point-by-point critique of JD’s post, drawing on best practices in Risk Judgment and Decision-Making (RJDM), as well as established principles of risk measurement, quantification, and communication. The goal is to highlight potential logical gaps, cognitive biases, or inaccuracies—especially those that can pose serious consequences in the field of travel risk management.
1. “That layout in this post looks a lot like it came from Crisis24 which inherited the iJET/WorldAware Country Security Assessment Ratings (CSARs).”
Observation: JD is identifying the source of the displayed rating system as Crisis24 (formerly iJET/WorldAware).
Critique: While pointing out the system’s origin is fine for contextual accuracy, it doesn’t address the core issue: whether these ratings are valid or effective. Simply identifying the brand or provenance of a rating system doesn’t automatically validate or invalidate its methodology or communication strategy.
2. “THESE ARE NOT RISK RATINGS.”
Observation: JD emphatically claims the ratings in question are not risk ratings at all.
Critique: This statement runs counter to the very definitions offered later in his own post. If they measure threats in a country for the purpose of guiding risk management decisions, then by operational design, they are being used as risk indicators—even if they are branded as “Threat Assessment Ratings” or “Security Assessment Ratings.”
RJDM Principle: Threat is a component of risk, which is typically calculated as (Threat × Vulnerability × Consequence). Disavowing the ratings as “risk” might be semantic or rhetorical, but in practical risk management, “threat levels” feed directly into risk calculations. The label doesn’t negate the function.
3. “Out the gate, there is no way to know what vulnerabilities a traveler has or will have. The traveler may be Superman, thus no Risk.”
Observation: JD argues that traveler-specific vulnerabilities are critical for determining actual risk.
Critique: True, risk is contextual and personalized. However, aggregate or baseline risk indicators (e.g., crime rates, political volatility) are still highly relevant. Dismissing these baseline indicators because not all travelers share the same profile is a logical fallacy—akin to saying seatbelt laws are useless because an individual might be a perfect driver.
Consequences: Overlooking general threat information (like homicide rates or road safety statistics) until you have perfect data on every traveler’s “Superman” profile is dangerous and misguided. Even highly trained travelers face external threats beyond personal control.
4. “Anyone that calls ratings like these ‘Risk Ratings’ doesn’t understand risk management as a discipline.”
Observation: He questions the competence of those who describe CSARs or similar threat-based metrics as “risk ratings.”
Critique: This is a sweeping ad hominem. It also overlooks standard risk lexicon in professional circles. Many widely respected risk analysts or models do in fact use the term “risk rating” to describe aggregated threat and vulnerability metrics.
RJDM Principle: Reducing complicated discussions to “you don’t understand risk management” is counterproductive. A more intellectually honest approach would be to clarify exactly how “threat” versus “risk” is defined in this system.
5. “CSARs are the intrinsic threat levels for a given location. The Alerting system informs the organization and traveler of any dynamic changes to this baseline.”
Observation: JD explains that CSARs define baseline threat levels, while an alerting system flags dynamic changes.
Critique: This is standard practice in many risk and intelligence platforms. However, calling them strictly “intrinsic threat levels” still does not remove them from the broader context of risk assessment.
RJDM Perspective: Even if they’re labeled “threat ratings,” they are functionally used to guide risk-related decisions. Tying dynamic alerts to a baseline threat level is effectively a risk management process.
6. “There are Threat Assessment RATINGS for each of the 5 categories related to the Security environment in a country or city.”
Observation: JD distinguishes five categories of threat.
Critique: Breaking threats into categories can be beneficial if those categories are well-defined, data-driven, and consistently updated. Yet these categories often remain aggregated into a single index or “color-coded” rating—which is effectively a risk rating.
RJDM Principle: Multi-factor threat categories can be a step toward better clarity but can also create confusion if combined incorrectly (i.e., if these categories are not properly weighted or if they’re simply merged into a “one-size-fits-all” label).
7. “When you read the Crime Assessment, it makes clear the issues of concern — to answer your question ‘What crime?’.”
Observation: JD implies that the textual crime assessment clarifies the exact nature of criminal threats.
Critique: Contextual detail is good. However, the original question about “What crime?” was raised to highlight how a single numeric or color-coded label can lump together widely varying criminal activities (pickpocketing vs. armed assault). If the rating doesn’t specify these nuances prominently, travelers may fail to differentiate lower-level risks from high-level ones.
8. “When using the CSARs, their purpose is made clear.”
Observation: JD contends the rating system’s purpose is transparent to users.
Critique: The adequacy of clarity is questionable; many risk systems remain ambiguous on how data is collected, weighted, or presented. Clarity must be judged by the end user’s understanding and decision-making outcomes, not just by the internal justification. In RJDM, “it’s clear to us internally” doesn’t guarantee clarity or efficacy for external stakeholders who rely on these ratings in the field.
9. “A country risk rating is useful as an indicator for organizations as to the type of risk management they should apply to a location, and how they should educate travelers.”
Observation: This statement explicitly calls it a country risk rating and highlights its role in informing risk management strategy.
Critique: This directly contradicts the earlier claim that “These are not risk ratings.” If the system is used to guide “risk management” and “traveler education,” it effectively functions as a risk rating. This internal contradiction suggests confusion or inconsistency in how the term “risk” is being applied.
10. “Filippo Marino, with a little homework, it would have been clear that these ratings are not quantitative nor averaged. So, before you hop on stage and make outrageous statements I hope this helps.”
Observation: JD challenges Filippo’s understanding and calls the statements “outrageous.”
Critique: This borders on ad hominem and lacks a clear, data-driven counterargument. Whether the ratings are “averaged” or “quantitative” depends on the underlying methodology. In many industry solutions, categories are often combined, weighted, or assigned numeric scales. Dismissing them as “not quantitative” doesn’t hold up if numerical scales or ordinal tiers are used to generate a final rating.
RJDM Principle: If ratings lead to a single label or numeric score (e.g., Level 3, High, Low, Medium), they’re effectively quantitative or ordinal. The claim that these are wholly “non-quantitative” and not averaged is rarely true in practice.
11. “AND, BY THE WAY, without a detailed profile of the Traveler, TRAVEL RISK RATINGS ARE USELESS.”
Observation: JD reiterates that risk ratings are meaningless without individual traveler data.
Critique: Tailored traveler profiles do matter—individual vulnerabilities (age, health, prior experience, etc.) can shift personal risk. However, claiming universal uselessness of aggregated risk data is a gross oversimplification. Baseline threat levels (e.g., homicide rates, civil unrest patterns, disease prevalence) provide essential context for any traveler profile.
Consequence: If widely adopted, this mindset may discourage organizations from investing in objective location-based data (crime, infrastructure, health system capacity), leading to blind spots. Even “Superman” faces external threats—a low personal vulnerability doesn’t make a destination inherently safe.
Synthesis & Conclusion
JD’s post contains several contradictions and ad hominem remarks that undermine its credibility from an RJDM standpoint:
Semantic Contradictions: First claiming “THESE ARE NOT RISK RATINGS,” then calling them “A country risk rating…useful as an indicator.” This contradictory language is confusing, especially for end users who rely on consistent terminology to make life-critical decisions.
Overreliance on Traveler Profile: While traveler-specific details are indeed important, disregarding universal threat metrics (like violent crime rates) is both unrealistic and hazardous.
Ad Hominem & Unsupported Claims: Dismissing others as lacking “understanding of risk management” isn’t a valid argument. It lacks data-driven rebuttal and fails to address core critiques about potential oversimplification or methodological opacity.
Failure to Address Biases & Communication Gaps: JD’s post does not engage with well-documented RJDM challenges such as anchoring, base-rate fallacy, or ambiguity aversion. These are critical to effective risk communication and are precisely why how you present a rating matters as much as what you present.
Bottom Line: The tension in JD’s stance arises from a mismatch between the intended purpose (a tool for baseline threat awareness) and the potential oversimplification that comes from labeling or marketing these tools. In RJDM terms, ratings can be valuable—but only if they are accurate, transparent, and carefully communicated. Neglecting these factors can lead to misguided decisions, confusion, and ultimately, heightened exposure to real-world threats.AI Analytical Summary
JD’s post contains a clear contradiction between denying that these are “risk ratings” and later acknowledging they are used to guide risk management and traveler education. This semantic inconsistency is especially problematic for end users who rely on consistent terminology for life-critical decisions. By first dismissing the concept of risk ratings and then admitting their practical function as risk indicators, JD confuses the very professionals and travelers he aims to inform.
Additionally, his dismissal of aggregated or baseline risk data until one has a “detailed profile of the traveler” overlooks the base rate reality—universal factors like local crime rates, road safety statistics, or disease prevalence remain relevant no matter the traveler’s individual traits. Ignoring these standardized, data-driven metrics is risky, as it can lead to underestimating or outright missing real hazards, thereby exposing travelers to undue dangers.Summary Critique of the AI Analysis
This AI analysis captured most of the (many) obvious issues and fallacies contained in the short post but still struggled with some important aspects:
It lacks agentic or action-based validation (the statement “THESE ARE NOT RISK RATINGS” could easily be flagged not just as self-contradicting but by simply visiting the mentioned company’s website where these are - accurately and unambiguously - labeled as risk ratings.) (Yet, neither did the many industry participants who either liked or applauded the post, proving they couldn’t spot the basic fallacy detected by the AI, let alone methodological ones.)
Cognitive biases, mental fog, Social-Media-induced ‘brain rot’ and more vs. AI hallucinations. An effectively instructed SOTA LLM can already detect RJDM fallacies better than droves of professionals in risk-centric roles and industries. Points 3 and 11 reveal the overly cautious and accommodating nature of SOTA foundational models. These statements promote the dangerous base rate fallacy and should be condemned more strongly.
The Base Rate Fallacy
·The analysis failed to identify a significant methodological red flag. The Point 5 statement, "CSARs are the intrinsic threat levels for a given location" - especially when applied to crime - typifies what academics have termed ‘pseudo-profound bullshit,’ fabricated concepts like "intrinsic threat level" that sound sophisticated but serve mainly to obscure the vendor's inability to produce relevant baseline rates of measurable phenomena like criminal victimization (which is universally measured in annual incident rates per population.)
Nevertheless, the analysis and response above are vastly more informed and thorough than the typical feedback from a LinkedIn or Facebook industry response or an average travel risk manager.
They showcase the potential of a personal AI assistant to help us navigate the overwhelming stream of risk and safety (mis)information and advice.
What’s Next
Evaluating risk intelligence and enhancing our risk judgment and decision-making skills are no easy tasks. Developing an AI solution that boosts our safe-esteem is also quite difficult, but we are quickly realizing it will be easier and faster than upskilling the entire global population or relying on natural selection.
Our journey into the challenges of developing a personal survival assistant has just begun, and we will delve into some of these in future posts.
Lastly, and given that a very large portion of travel risk intelligence and advice is generated under the umbrella of employers’ Duty of Care and Travel Risk Management programs, we shall also examine the legal implications of risk innumeracy and disinformation. Are security professionals exposing their employers to legal liabilities by posting or merely endorsing misleading risk advice on social media?
But before you go, and in the spirit of the metacognition mentioned earlier, ask yourself: “How did I arrive at my risk estimate and assumptions on my last trip?”
Thank you for reading, and Safe Travels!
To be clear, I have worked and continue to routinely interact with exceptionally talented professionals in this industry, both in public (e.g., the great team of analysts at OSAC) and private sector roles, leveraging many terrific products. While a single social media post will always be an anecdote, it can provide valuable insights into how risk and safety information is often acquired by the public and industry members and—more importantly—how it may influence your risk perception and decision-making quality.
Transcript for accessibility:
Original post:
---start---
Are travel risk ratings useless? [Image of Travel Risk Rating by Crisis24] What does a 'level 3' crime rating mean? What crime? (Pickpocketing? Car theft? Or murder? All non-correlated risks that call for quite different mitigation strategies.) How does a 'Moderate - Level 3' overall security rating compare to your routine environment? And how does it influence your behaviors? How about a 'combined score' of five pseudo-quantitative ratings? Averaging these is only a good strategy if you like to gamble with your life - or that of your employees. These are just a few (good) reasons why most business travelers (80%+) ignore destination risk ratings and briefs from hashtag#DutyofCare and TRM vendors or why no legitimate Protective Intelligence analyst would use them to produce an advanced assessment. Join us at OSACWEEK to discuss why these useless (when not dangerous) legacy travel risk rating practices endure and how big data analytics, cognitive-behavioral science, and AI enable Safe-xplore to quantify and communicate risk effectively.
---end---
The response by John Doe:
---start---
That layout in this post looks a lot like it came from Crisis24 which inherited the iJET/WorldAware Country Security Assessment Ratings (CSARs). THESE ARE NOT RISK RATINGS. Out the gate, there is no way to know what vulnerabilities a traveler has or will have. The traveler may be Superman, thus no Risk. Anyone that calls ratings like these "Risk Ratings" doesn't understand risk management as a discipline. CSARs are the intrinsic threat levels for a given location. The Alerting system informs the organization and traveler of any dynamic changes to this baseline. There are Threat Assessment RATINGS for each of the 5 categories related to the Security environment in a country or city. When you read the Crime Assessment, it makes clear the issues of concern - to answer your question "What crime?". When using the CSARs, their purpose is made clear. “A country risk rating is useful as an indicator for organizations as to the type of risk management they should apply to a location, and how they should educate travelers.” Filippo Marino, with a little homework, it would have been clear that these ratings are not quantitative nor averaged. So, before you hop on stage and make outrageous statements I hope this helps. AND, BY THE WAY, without a detailed profile of the Traveler, TRAVEL RISK RATINGS ARE USELESS.
---end---