>heyMHK

digital garden

Risk Dimension Model

2 min read

Risk Dimension Model

Overview

A four-axis framework for characterizing where and how GAI risks manifest. Rather than treating risks as monolithic, this model unpacks them along dimensions that inform different measurement and mitigation strategies.

The Four Dimensions

1. Lifecycle Stage

When in the AI lifecycle does the risk arise?

  • Design: Risks embedded in problem formulation, capability selection, use case scoping
  • Development: Training data choices, model architecture, fine-tuning approaches
  • Deployment: Integration context, access controls, user interfaces
  • Operation: Runtime behavior, drift, user interactions over time
  • Decommissioning: Data retention, dependency management, user transition

Some risks manifest at a single stage; others compound across stages.

2. Scope

At what level does the risk operate?

  • Model/System: Risks inherent to a specific model or implementation. Can often be addressed through technical interventions.
  • Application: Risks that emerge in specific use cases or implementations. The same model may be safe in one application, dangerous in another.
  • Ecosystem: Risks that transcend individual systems or organizations. Includes algorithmic monocultures, impacts on labor markets, erosion of public trust in information. Cannot be addressed by any single actor.

Mitigations must match scope. Model-level interventions won’t address ecosystem-level risks.

3. Source

Where does the risk originate?

  • Model Factors: Architecture, training mechanisms, capability limitations (e.g., confabulation)
  • Input Factors: Training data quality, retrieval-augmented sources, user prompts
  • Output Factors: Generated content characteristics, presentation, distribution
  • Human Factors: Abuse, misuse, unsafe repurposing, interaction patterns

The majority of high-consequence risks originate from human factors, not model factors.

4. Time Scale

Over what period do risks materialize?

  • Immediate: Real-time harm upon generation or interaction (e.g., dangerous recommendations, privacy leaks)
  • Extended: Cumulative effects over time (e.g., societal trust erosion, labor market disruption, model collapse from synthetic data accumulation)

Extended risks are harder to measure and often lack clear attribution.

When to Use

When scoping risk assessments, designing monitoring systems, or allocating risk management resources. The model helps avoid the trap of treating all risks as equivalent, different positions along these dimensions call for different approaches.

Practical Application

For any identified risk, ask:

  1. At which lifecycle stages must we intervene?
  2. Is this a model, application, or ecosystem concern?
  3. Does the risk originate from the model, inputs, outputs, or human behavior?
  4. Do impacts materialize immediately or accrue over time?

The answers determine whether technical controls, governance processes, user education, or cross-sector coordination is the appropriate response.

Related: 05-molecule—gai-risk-taxonomy

Properties

typemolecule
subtypeframework
statusevergreen
domain05-ai-mechanisms
createdJan 3, 2026

Graph view

Backlinks