Alexander Gutfraind

Alexander Gutfraind

Uncertainty is a pervasive challenge in decision and risk management and it is usually studied by quantification and modeling. Interestingly, engineers and other decision makers usually manage uncertainty with strategies such as incorporating robustness, or by employing decision heuristics. The focus of this paper is then to develop a systematic understanding of such strategies, determine their range of application, and develop a framework to better employ them. Based on a review of a dataset of 100 decision problems, this paper found that many decision problems have pivotal properties, i.e. properties that enable solution strategies, and finds 14 such properties. Therefore, an analyst can first find these properties in a given problem, and then utilize the strategies they enable. Multi-objective optimization methods could be used to make investment decisions quantitatively. The analytical complexity of decision problems can also be scored by evaluating how many of the pivotal properties are available. Overall, we find that in the light of pivotal properties, complex problems under uncertainty frequently appear surprisingly tractable.

Alexander Gutfraind

Decision theory recognizes two principal approaches to solving problems under uncertainty: probabilistic models and cognitive heuristics. However, engineers, public planners and decision-makers in other fields seem to employ solution strategies that do not fall into either field, i.e., strategies such as robust design and contingency planning. In addition, identical strategies appear in several fields and disciplines, pointing to an important shared toolkit. The focus of this paper is to develop a systematic understanding of such strategies and develop a framework to better employ them in decision making and risk management. The paper finds more than 110 examples of such strategies and this approach to risk is termed RDOT: Risk-reducing Design and Operations Toolkit. RDOT strategies fall into six broad categories: structural, reactive, formal, adversarial, multi-stage and positive. RDOT strategies provide an efficient response even to radical uncertainty or unknown unknowns that are challenging to address with probabilistic methods. RDOT could be incorporated into decision theory using workflows, multi-objective optimization and multi-attribute utility theory. Overall, RDOT represents an overlooked class of versatile responses to uncertainty. Because RDOT strategies do not require precise estimation or forecasting, they are particularly helpful in decision problems affected by uncertainty and for resource-constrained decision making.

Alexander Gutfraind, Vicki Bier

Large language models (LLMs) offer unprecedented and growing capabilities, but also introduce complex safety and security challenges that resist conventional risk management. While conventional probabilistic risk analysis (PRA) requires exhaustive risk enumeration and quantification, the novelty and complexity of these systems make PRA impractical, particularly against adaptive adversaries. Previous research found that risk management in various fields of engineering such as nuclear or civil engineering is often solved by generic (i.e. field-agnostic) strategies such as event tree analysis or robust designs. Here we show how emerging risks in LLM-powered systems could be met with 100+ of these non-probabilistic strategies to risk management, including risks from adaptive adversaries. The strategies are divided into five categories and are mapped to LLM security (and AI safety more broadly). We also present an LLM-powered workflow for applying these strategies and other workflows suitable for solution architects. Overall, these strategies could contribute (despite some limitations) to security, safety and other dimensions of responsible AI.

José M. Maisog, Wenhong Li, Yanchun Xu et al.

Due to escalating healthcare costs, accurately predicting which patients will incur high costs is an important task for payers and providers of healthcare. High-cost claimants (HiCCs) are patients who have annual costs above $\$250,000$ and who represent just 0.16% of the insured population but currently account for 9% of all healthcare costs. In this study, we aimed to develop a high-performance algorithm to predict HiCCs to inform a novel care management system. Using health insurance claims from 48 million people and augmented with census data, we applied machine learning to train binary classification models to calculate the personal risk of HiCC. To train the models, we developed a platform starting with 6,006 variables across all clinical and demographic dimensions and constructed over one hundred candidate models. The best model achieved an area under the receiver operating characteristic curve of 91.2%. The model exceeds the highest published performance (84%) and remains high for patients with no prior history of high-cost status (89%), who have less than a full year of enrollment (87%), or lack pharmacy claims data (88%). It attains an area under the precision-recall curve of 23.1%, and precision of 74% at a threshold of 0.99. A care management program enrolling 500 people with the highest HiCC risk is expected to treat 199 true HiCCs and generate a net savings of $\$7.3$ million per year. Our results demonstrate that high-performing predictive models can be constructed using claims data and publicly available data alone, even for rare high-cost claimants exceeding $\$250,000$. Our model demonstrates the transformational power of machine learning and artificial intelligence in care management, which would allow healthcare payers and providers to introduce the next generation of care management programs.

Vicki Bier, Alexander Gutfraind

A common problem in risk analysis is to characterize the overall security of a system of valuable assets (e.g., government buildings or communication hubs), and to suggest measures to mitigate any hazards or security threats. Currently, analysts typically rely on a combination of indices, such as resilience, robustness, redundancy, security, and vulnerability. However, these indices are not by themselves sufficient as a guide to action; for example, while it is possible to develop policies to decrease vulnerability, such policies may not always be cost-effective. Motivated by this gap, we propose a new index, defensibility. A system is considered defensible to the extent that a modest investment can significantly reduce the damage from an attack or disruption. To compare systems whose performance is not readily commensurable (e.g., the electrical grid vs. the water-distribution network, both of which are critical, but which provide distinct types of services), we defined defensibility as a dimensionless index. After defining defensibility quantitatively, we illustrate how the defensibility of a system depends on factors such as the defender and attacker asset valuations, the nature of the threat (whether intelligent and adaptive, or random), and the levels of attack and defense strengths and provide analytical results that support the observations arising from the above illustrations. Overall, we argue that the defensibility of a system is an important dimension to consider when evaluating potential defensive investments, and that it can be applied in a variety of different contexts.