The model files.

Oil Wildcatter — Influence Diagram

Howard & Matheson (1981). A wildcatter must decide whether to drill, run a seismic test first, or abandon. Three node types: chance (Oil, Seismic Result), decision (Test, Drill), and utility (Profit). Open it, change the test cost, and watch the optimal decision strategy shift. The purest worked example of VOI on the site.

Homepage Model — Causes, Mechanisms, Outcomes

Six nodes, eight links, three layers. A good starting point: open it, set evidence on a cause, and watch the outcomes update. The model on the homepage.

Property Insurance Portfolio

Climate trend, storm frequency, and surge level drive hazard. Building age, construction era, code compliance, material condition, elevation, and soil type drive vulnerability. Claims severity, portfolio loss, adverse selection, and reinsurance cost are the consequences. Encodes the key disagreement — building age versus construction era as the causal driver — and shows how a 15% rate increase backfires through adverse selection.

Supply Chain — Hidden Correlations

Rare earth export policy, port congestion, and semiconductor demand spike are common causes that the scorecard treats as independent. Traces from initiation through component shortage, buffer depletion, subassembly halt, to total financial impact including delayed warranty liability from rushed alternate suppliers. The case study for why correlation-based risk scoring fails under stress.

Utility Grid Reliability

Fault initiation (weather, vegetation, equipment), protection response (relay coordination), load transfer (pre-event loading, tie switches), cascade dynamics (network topology), and consequence (customers affected, critical loads, restoration time). Includes intervention nodes for vegetation management and automation investment. Supports the do-calculus question: what does each capital investment actually buy in terms of reliability?

Retiring Underwriter

Route complexity, driver tenure, fleet maintenance, and regulatory environment flow through accident frequency, mechanical failure rate, and compliance exposure to drive claims frequency, severity, expected loss, and loss ratio. The model captures what the underwriter knows but the spreadsheet cannot represent — and makes it permanent.

Coastal Property — Register to Graph

Climate trend drives sea level and storm surge. Building age drives material condition and code compliance. All flows through flood damage and claim severity to portfolio loss and reinsurance cost. Shows the rate adequacy feedback loop that creates adverse selection. The worked example for the From Register to Graph page.

GDPR Compliance Risk

Seven compliance mechanism nodes — Lawful Basis, Consent Quality, Technical Safeguards, DPIA, Breach Risk, Rights Compliance, Transfer Compliance — connect upstream organizational factors to Overall Compliance, Data Breach, Supervisory Action, and Fine Amount. Approximately 200 CPT parameters. The model that answers: what investment in which compliance mechanism most reduces expected fine exposure?

Fault Propagation — Diagnostic Reasoning

Equipment Condition (Good / Degraded / Failed), Weather Severity, and Vegetation Proximity jointly determine Fault Probability via a scored CPT. Fault Probability then drives Cascade Risk and Outage Severity independently. Run it forward: given prior conditions, what is P(Critical outage)? Run it backward: given a Critical outage, what does P(Equipment=Failed) update to? The same model answers both questions — this is the core argument of the diagnostic-reasoning page.

Operational Risk — Six-Node BN

The canonical operational risk decomposition in Bayesian form. Control Effectiveness reduces event frequency; Process Complexity and Staff Experience jointly affect both frequency and severity. Fix Control to Low and watch Expected Loss shift to the right. Fix Process to High and watch both intermediate nodes respond. The model supports: annual loss distribution, KRI sensitivity analysis, scenario stress testing, RCSA grounding, and control investment prioritisation — without a separate tool for each.

Gated Bayesian Network — Regime Switching

Market Regime (Normal / Stressed / Crisis) is the gate node. It has directed edges to Volatility, Credit Spread, and Liquidity, each with different CPTs conditional on regime. All three converge on Loss Exposure. In Normal regime: Volatility Low(61.8%), Loss Exposure Low(59.9%). Set Regime to Crisis: Volatility High(75%), Loss Exposure High jumps to approximately 70%. The graph structure does not change — only the active parameter set does. This is the defining feature of gated Bayesian networks.

Wildfire Liability — Register to Causal Graph

This model is the register-to-graph argument made executable. Weather Severity, Equipment Condition, and Vegetation State are three rows in any wildfire risk register. As nodes with directed edges, they produce Ignition Probability through three causal paths and Containment Difficulty through two. Ignition and Containment jointly drive Liability Exposure. Set Equipment to Failed: Ignition High jumps from 12% to approximately 55%. Set Vegetation to Contact as well: Liability High reaches approximately 75%. The register scores each row independently. The model computes the joint effect.

Interconnected Risk Cascade — Cross-Network Propagation

Cyber Incident and Physical Asset Failure are independent root causes with ten directed edges between them and five downstream nodes. Cyber feeds Operational Disruption, Financial Loss, and Reputational Damage directly; Physical feeds Operational Disruption and Supply Chain Disruption. Financial and Reputational jointly drive Regulatory Action. Prior state: Regulatory Enforcement at 10.3%. Set Cyber to Major: Enforcement rises to approximately 45%. The risk register holds seven rows. This model holds the ten arrows between them — and those arrows are where the tail risk lives.

FAIR Information Risk — Complete FAIR Ontology

The standard FAIR Monte Carlo model samples Threat Capability and Control Strength independently. This model connects them: Threat Community Size and Contact Frequency jointly determine Threat Event Frequency; Threat Capability and Control Resistance Strength jointly determine Vulnerability; TEF and Vulnerability jointly determine Loss Event Frequency. On the loss side, Productivity Loss Potential and Response Cost Potential jointly determine Primary Loss; External Stakeholder Sensitivity and LEF jointly determine Secondary Loss Frequency; Primary Loss and Secondary Loss Frequency jointly determine Loss Magnitude. LEF and Loss Magnitude converge on Risk Exposure. Prior state: Risk Exposure High at approximately 17%. Set Control Resistance Strength to High and Threat Capability to Low: Risk Exposure High falls to under 4%. Set both to their worst values: Risk Exposure High exceeds 60%. This is the difference between FAIR as a spreadsheet and FAIR as a causal model.