By Trond Arne Undheim · Yegii R&D Lab
We analyze risk one box at a time. Cybersecurity sits in one report, supply chain in another, climate in a third, geopolitics in a fourth. Each is owned by a different team, scored on a different scale, escalated through a different chain. It is tidy. It is also incomplete — because the risks that hurt most are precisely the ones that refuse to stay in their box.
A ransomware attack on a pipeline becomes a fuel shortage becomes a run on gas stations. A flood in Thailand becomes a global shortage of hard drives. A drought becomes a food-price spike becomes a wave of unrest. The damage is rarely in the first domain the trigger lands in. It is in the third, fourth, and fifth domains the shock travels to while everyone is still looking at the first.
Today I’m launching a tool built around that observation: CREF Atlas, the interactive companion to the Cascading Risk Effects Framework.
What CREF is
CREF — the Cascading Risk Effects Framework — is a grammar for how systemic risk propagates across domains rather than within them. It works across six: science & technology, governance, economy, society, environment, and health. The core claim is simple to state and surprisingly hard to operationalize: a cascade is a sequence of effects in which each step hands force to the next, often crossing a domain boundary as it goes.
The framework decomposes any cascade into a small set of roles a factor can play — trigger, amplifier, dampener, and so on. The important and frequently misunderstood part is that these roles are relative, not fixed. A factor that amplifies a shock in one cascade dampens it in another, and the same factor can switch roles between the early and late stages of a single event. Across the evidence base, most factors play more than one role depending on where they sit in the chain. That is not a flaw in the model; it is the reason cascades are hard to govern. You cannot pre-assign “the dampener” — it depends on the pathway.
What the Atlas gives you
CREF Atlas turns that framework into something you can actually use. It runs on the Cascade Evidence Base (CEB): 296 risk factors, 1,371 evidence-anchored edges, and 336 worked cases spanning historical events, current situations, and prospective scenarios. Every edge carries provenance; every case is traceable to its sources. The design is visual, but the point is auditability.
If you want one place to start, open the 2008 financial crisis case and follow the chain from mortgage defaults to interbank stress to the governance response — it’s the cleanest illustration of a shock crossing domain after domain.
Concretely, you can:
- Browse the cases. Each one is a worked instantiation of the framework against a real or projected event — what triggered it, how it propagated, where it was absorbed or amplified, and what the evidence says.
- Follow a cascade. Trace a pathway from its trigger across domain boundaries to its downstream effects, with the mechanism and the causal sign of each hop made explicit.
- Find the weak links. The Atlas surfaces where a cascade has few absorbers, where intervention points sit, and who might own a given lever.
- Enter from your own vantage point. There are direct on-ramps for risk professionals, policy makers, and students — the same corpus, framed for what each needs to do with it.
Open by design
The notation underneath the Atlas is open. CREF-Lang is a domain-specific language and reference compiler for cross-domain cascade-risk notation — it expresses how risk moves across the six domains as composable, parseable, machine-checkable pathway expressions. In other words, a cascade stops being a paragraph of prose and becomes something you can write down precisely, parse, and check. The repository is on GitHub, with a citable, versioned release archived on Zenodo.
Making the notation open matters for the same reason the evidence base is auditable: a framework that asks you to trust its conclusions about systemic risk has to show its work.
The framework, the Atlas, and CREF-Lang are open and free to use. Separately, the Yegii R&D Lab does applied work for organizations that want CREF brought to bear on their own exposures — mapping a real risk register into cascade pathways, stress-testing a portfolio, or running a cascade-review workshop. The open layer stands on its own; the applied layer (see Apply) is there for those who need it.
Where it comes from
CREF traces back to the Stanford Existential Risks Initiative and the Center for International Security and Cooperation, beginning with the Stanford Cascading Risk Study. It is now developed in the Yegii R&D Lab, where the framework is maintained, coded against the evidence base, and built into the interactive companion you can now use at cref-atlas.com.
What I’m asking
This is a release candidate, not a finished monument. The case layer is strong and the evidence discipline is real, but a framework like this only improves through use and challenge. If you work in risk, policy, research, or teaching, I would value your reaction: what’s useful, what’s missing, and — especially — where it’s wrong. The cases are open to scrutiny precisely so that scrutiny can make them better.
Explore it here: cref-atlas.com
How to cite — APA: Undheim, T. A. (2026). CREF Atlas v3.11.29. https://cref-atlas.com/
The Yegii, Inc. R&D Lab builds risk and innovation insight tools and platforms for the business professional disoriented by technological disruption. We focus on three kinds of professionals — executives, strategists, and analysts — and work especially with the financial sector and other regulated industries, while also addressing the distinct challenges of the technology sector.
