Futurist AJ Bubb, founder of MxP Studio, and host of Facing Disruption, bridges people and AI to accelerate innovation and business growth.

In early 2024, I observed a mid-sized consulting firm automating its client reporting process. The AI generated polished reports in minutes instead of hours. Three months later, they refunded over $300,000 to clients after discovering their reports contained fabricated statistics and misattributed quotes. The technology worked perfectly. Their judgment about when to use it didn’t.

This pattern repeats across industries. A 2023 RAND Corporation study found that 80% of AI projects never make it past the pilot stage. Gartner reports that 85% of AI projects deliver inaccurate outcomes. The common thread isn’t technical failure—it’s the absence of a systematic way to answer one question: “Should we automate this?”

After working with organizations on AI implementation over the past two years, I’ve developed a simple framework that helps teams make this decision. It’s not revolutionary—it’s a structured application of risk management principles to automation decisions. But in an environment where everyone feels pressure to “do more with less” and fears falling behind competitors, having a clear method to assess automation decisions turns out to be surprisingly valuable.

Here’s how it works.

The Core Problem

The question most organizations ask is: “Can AI do this task?”

This is the wrong question. With enough time, money, and engineering effort, AI can probably do most tasks. The right question is: “Should AI do this task, given the consequences of failure and our ability to manage those consequences?”

This shift from capability to judgment is what the Traffic Light Framework provide

The Three Assessment Questions

Before automating any task, evaluate it using three questions. Score each dimension as Low, Medium, or High:

Question 1: Impact—What happens if the AI makes a mistake?

Low Impact:

• Minor inconvenience to internal users

• Easy to explain and correct

• No regulatory, legal, or customer-facing consequences

• Example: Miscategorizing an internal expense by $50

Medium Impact:

• Damages a customer relationship but recovery is possible

• Requires significant time to remediate

• Could result in refunds or service credits

• Example: Sending a customer inquiry to the wrong department

High Impact:

• Legal liability or regulatory violation

• Permanent damage to customer relationships or brand reputation

• Financial loss exceeding $10,000 (adjust for your organization size)

• Example: Filing a legal brief containing AI hallucinations

Question 2: Detection Speed—How quickly can we catch the mistake?

Fast (< 1 hour):

• Error is immediately visible to users or systems

• Automated monitoring flags anomalies

• Clear feedback mechanisms exist

• Example: Broken link in an automated email

Medium (1 hour to 1 week):

• Requires regular human review to detect

• Errors surface through customer complaints or routine audits

• Detection happens but isn’t immediate

• Example: Off-brand tone in social media responses

Slow (> 1 week):

• Errors only visible through retrospective analysis

• May not be discovered until after causing damage

• No clear monitoring system in place

• Example: Subtly biased pricing algorithm

Question 3: Reversibility—Can we easily undo the damage?

Easily Reversible:

• Simple, low-cost correction process

• No permanent external record

• Remediation costs under $1,000

• Example: Resending a corrected internal report

Partially Reversible:

• Requires significant effort and cost to correct

• Some permanent record exists (emails sent, commitments made)

• Remediation costs between $1,000-$25,000

• Example: Correcting inaccurate information sent to customers

Difficult or Impossible to Reverse:

• Permanent public record or legal consequence

• Remediation costs exceed $25,000

• Involves immeasurable reputational harm

• Example: Discriminatory decision, regulatory violation, public data breach

The Classification System

Based on your answers to these three questions, classify each task as Red, Yellow, or Green:

The Decision Matrix

ImpactDetection SpeedReversibilityClassificationLowFastEasyGREENLowMediumEasyGREENLowFastPartialGREENMediumFastEasyYELLOWMediumMediumPartialYELLOWLowSlowDifficultYELLOWHighAnyAnyREDAnySlowDifficultREDMediumSlowDifficultRED

Rule of thumb: If any single dimension scores “High,” or if two dimensions score “Medium” or worse, default to RED. When uncertain, choose the more conservative classification.

🔴 RED LIGHT: Human Control Required

Definition: A human performs the task. AI may assist with research, data gathering, or preparing draft materials, but the human makes all decisions and owns the output.

When to use RED:

• Legal decisions and regulatory compliance matters

• Strategic business decisions (pricing, market entry, resource allocation)

• Financial commitments and binding contracts

• Hiring, firing, and performance management decisions

• Crisis communications and high-stakes public statements

• Medical diagnoses and treatment decisions

• Ethical dilemmas involving fairness, privacy, or human welfare

What AI can do:

• Summarize relevant research and background information

• Identify patterns in data to inform decisions

• Prepare briefing materials and options analysis

• Generate first drafts for expert revision

What AI cannot do:

• Make final decisions

• Create deliverables that go to customers or regulators without complete human oversight

• Operate without expert supervision

Implementation approach: Treat AI as a research assistant. An expert reviews all outputs, adds critical context and judgment, makes the actual decision, and takes responsibility for outcomes.

Success metrics:

• Zero unauthorized AI decisions

• Reduction in research and preparation time for experts

• Maintained or improved decision quality

• High expert confidence in using AI as a tool

🟡 YELLOW LIGHT: Human-in-the-Loop Required

Definition: AI performs the bulk of the task, but a qualified expert reviews and approves all outputs before they’re executed or released. The reviewer must have the expertise to evaluate quality and catch errors.

When to use YELLOW:

• Customer-facing content (blog posts, marketing emails, social media)

• First draft contracts, statements of work, or proposals

• Internal reports and presentations

• Tier 1 customer support responses

• Meeting summaries and action items

• Non-critical data analysis and visualization

• Responding to routine pricing inquiries

The Five Rules for Yellow Light Tasks:

1. The 5-Minute Rule
Set a review time threshold based on manual creation time. If review consistently takes more than 25% of the time to create the task manually, reconsider the automation. For a 20-minute task, that’s about 5 minutes of review maximum.

2. The 80-20 Threshold
Target an 80% pass-through rate where outputs require only minor edits. This should improve to 90% by month three. If you’re consistently seeing more than 20% of outputs need substantial revision, the task is either too complex for your current setup, or your prompts need significant refinement.

3. Expert Review Requirement
The reviewer must be qualified to perform the task manually. A junior team member cannot properly review expert-level work. If you wouldn’t trust someone to do the task alone, don’t trust them to review AI doing it.

4. Mandatory Checklist
Create a specific, non-negotiable checklist for each task type. Keep it focused on what truly matters—if the checklist has more than 10 items, it’s probably too detailed to be consistently used.

5. Feedback Loops
Every error that reaches production should be logged with its category and root cause. Review these weekly or monthly to identify patterns and improve your prompts and processes.

Yellow Light Review Checklist Template:

Task: [e.g., Customer support email response]
Reviewer: [Name]
Date: [Date]

Quality Criteria:
□ Factually accurate (all claims verified)
□ Appropriate tone for audience and context
□ No regulatory or legal red flags
□ Consistent with brand voice
□ Actually addresses the customer’s question
□ Free of obvious AI artifacts (repetition, generic phrasing)
□ Clear next steps provided

Review time: ___ minutes
Edits needed: None / Minor / Substantial
Approved: Yes / No

If substantial edits or rejection, briefly note why:
_________________________________________________

Warning signs to move to RED:

• Review time consistently exceeds your threshold

• Error rate stays above 20% after three months

• Errors are occasionally high-stakes (even if infrequent)

• Team members start bypassing review due to time pressure

• Same categories of errors repeat without improvement

Success metrics:

• Total time (AI creation + review) is less than manual creation time

• Error catch rate during review remains steady or improves

• Review time decreases over time as prompts improve

• Team confidence in AI outputs increases

• Actual time savings: Track hours saved per week

🟢 GREEN LIGHT: Automate Confidently

Definition: AI performs the task autonomously with minimal ongoing oversight. Implement spot-checks periodically, but no systematic review is required before execution.

When to use GREEN:

• Expense categorization and basic bookkeeping

• Meeting scheduling and calendar management

• Data entry and database updates

• Document formatting and standardization

• Report generation from structured data sources

• Email filtering, tagging, and inbox organization

• File organization and naming

Requirements for GREEN classification:

• Errors are immediately obvious to end users

• Time to fix an error is under 5 minutes

• Errors have no external customer or regulatory impact

• The task could have been automated with basic robotic process automation (not just generative AI)

Implementation approach:

• Deploy quickly without extensive ceremony

• Spot-check 10% of outputs weekly for the first month

• Reduce to monthly spot-checks once the error rate is stable below 2%

• Set up automated alerts for anomalies (e.g., unusual volume, system errors)

• Don’t overthink it—these are the tasks where speed and efficiency matter most

Reality check: If you’re identifying GREEN tasks now, you’re behind. Many of these could and should have been automated years ago with existing technology. Stop debating which AI tool to use. Pick one and implement it this week.

Warning signs to move to YELLOW:

• Volume scales significantly (10x increase reveals new edge cases)

• Error rate increases above 2%

• Downstream systems or processes start depending on this output

• Regulatory requirements change

• The task now connects to customer-facing processes

Success metrics:

• Hours saved per week per team member

• Near-zero error rates (target: <2%)

• Positive team feedback on time savings

• Team morale improvement from eliminating tedious work

Real-World Case Studies

Case Study 1: Air Canada Chatbot—When YELLOW Becomes RED

The Task: Customer service inquiry responses via chatbot
Initial Classification: Yellow (with human escalation for complex issues)
What Happened: In 2024, Air Canada’s chatbot incorrectly told a customer they could apply for a bereavement fare retroactively after travel. The customer booked full-price tickets based on this information. When Air Canada refused the refund, the case went to tribunal.
The Outcome: Air Canada was held legally liable for the chatbot’s misinformation and ordered to honor the promise. The airline argued the chatbot was a “separate legal entity” responsible for its own actions—an argument the tribunal rejected.
The Lesson: Customer-facing communications that create binding commitments or legal obligations are RED, not YELLOW. The moment a chatbot can make promises that obligate your company, it needs either perfect accuracy or human oversight on every response.
Source: [Civil Resolution Tribunal of British Columbia, 2024]

Case Study 2: Duolingo’s Content Localization—GREEN Done Right

The Task: Translating educational content into 40+ languages
Initial Classification: Green for initial translation, Yellow for quality review
What Happened: Duolingo implemented AI translation for course content expansion, but maintained native speaker review for all new content before publication. For updates to existing vetted content, they moved to spot-checking 10% of translations.
The Outcome: Duolingo reduced translation costs by 40% while maintaining quality scores. They now publish new language courses 3x faster than before AI implementation.
The Lesson: Even straightforward tasks benefit from a phased approach. Start with 100% review (YELLOW), then move to spot-checks (GREEN) once quality is proven.
Source: [Duolingo Engineering Blog, 2023]

Case Study 3: Healthcare Diagnostics—Staying RED Despite AI Advances

The Task: Analyzing medical imaging for cancer detection
Current Classification: Red (and staying there)
What’s Happening: AI systems now match or exceed human radiologist accuracy in detecting certain cancers. Some systems achieve 94-96% accuracy. Yet leading healthcare systems maintain that AI serves as a “second opinion” tool, not a replacement for physician diagnosis.
Why RED Remains Appropriate: Even with 96% accuracy, the 4% error rate on life-or-death decisions is unacceptable. More importantly, medical diagnosis requires integrating imaging with patient history, symptoms, and clinical judgment. The legal and ethical stakes demand human accountability.
The Lesson: High accuracy doesn’t automatically mean automation is appropriate. When impact is HIGH, the task stays RED regardless of AI performance.
Source: [Nature Medicine, 2024; FDA AI/ML Medical Device Guidance]

Case Study 4: Classification Drift—When GREEN Becomes YELLOW

The Task: Automated social media posting for a retail brand
Initial Classification: Green (automated posts from a pre-approved content calendar)
What Changed: The company became involved in a public controversy. Suddenly, every social media post was being scrutinized, screenshot, and analyzed.
The Response: The company immediately moved social media to YELLOW, requiring VP approval on all posts until the controversy subsided (about 8 weeks). They then moved to YELLOW with manager review for 6 months before gradually returning to GREEN.
The Lesson: External context changes risk profiles. What’s low-stakes today can be high-stakes tomorrow. Have a plan for quickly adding human oversight when circumstances change.
Source: [Client work, anonymized]

When Classifications Change

Task risk profiles aren’t static. Reassess your automations quarterly, and immediately when trigger events occur.

GREEN → YELLOW Triggers

Scale increases significantly:
When volume grows 10x, you encounter edge cases you never saw at lower volumes. A 2% error rate that meant 2 mistakes per 100 tasks now means 200 mistakes per 10,000 tasks.

Regulatory environment changes:
New compliance requirements, industry standards, or legal precedents can transform low-risk tasks into medium-risk ones overnight.

Downstream dependencies develop:
Other systems or processes begin relying on your automation’s output. What was once a standalone task now feeds critical workflows.

Action: Add expert review until error rates stabilize and you’ve updated your automation to handle the new scale or requirements.

YELLOW → RED Triggers

Public scrutiny increases:
Your company faces a crisis, lawsuit, or media attention. Tasks that were acceptable with minor errors now require perfection.

AI model behavior changes:
Your AI provider updates their model, and outputs change in ways you didn’t anticipate. This happened to many organizations during GPT-4 to GPT-4.5 transitions.

Error consequences escalate:
What was once a refundable inconvenience can now trigger lawsuits or regulatory action. Context matters more than content.

Strategic relationships:
A customer account becomes strategically critical, making errors with them much more costly.

Action: Immediately pause automation. Move to full human control until you’ve assessed the new risk level and implemented appropriate safeguards.

RED → YELLOW Opportunities

Custom model achieves validated accuracy:
You’ve invested in training specialized models for your specific domain, achieved 95%+ accuracy on held-out test sets, and have robust safety testing in place.

Industry standards emerge:
Clear benchmarks, testing protocols, and best practices reduce ambiguity around what “good” looks like.

Expert capacity increases:
You’ve built enough review capacity that human-in-the-loop becomes operationally feasible.

Regulatory clarity:
New guidelines explicitly permit AI-assisted work in your domain with appropriate safeguards.

Action: Pilot carefully. Start with 100% expert review for the first 100 outputs. If error rates and review times support it, gradually expand.

Quarterly Review Process

Set a calendar reminder to review all automations every 90 days:

1. Collect metrics: Error rates, review times, volume changes, cost savings

2. Assess risk changes: Any external changes affecting impact, detection, or reversibility?

3. Team feedback: Are reviewers confident? Are they finding ways around the process?

4. Update classifications: Move tasks between categories as appropriate

5. Document decisions: Record why you made changes for future reference

Common Implementation Mistakes

Mistake #1: Automating Because You Can

What it looks like: The technology team demos a new AI capability and immediately implements it across multiple use cases without business validation or risk assessment.

Why it fails: No clear success criteria, no ownership, no connection to actual business problems.

How to fix: Require every automation to have a business sponsor who can articulate: (1) the problem being solved, (2) how success will be measured, and (3) who owns monitoring and maintenance.

Mistake #2: Skipping the Pilot

What it looks like: Building an automation, showing it to leadership in a demo, getting approval, and pushing it to production immediately.

Why it fails: Demos use cherry-picked examples. Production has edge cases, system interactions, and user behaviors you didn’t anticipate.

How to fix: Mandatory 30-day pilot with 100% review on the first 50 outputs. Document failure modes, edge cases, and revision needs before scaling.

Mistake #3: Set It and Forget It

What it looks like: Automation runs for 6+ months with nobody checking quality, updating prompts, or monitoring error rates.

Why it fails: AI model behavior changes. Business context shifts. Error rates drift upward without anyone noticing until a major failure occurs.

How to fix: Assign a Directly Responsible Individual (DRI) for each automation who reviews metrics monthly and owns quality outcomes.

Mistake #4: Scope Creep into RED

What it looks like: “The AI does X well, so let’s have it do Y and Z too.” Each expansion seems small, but the cumulative scope crosses into high-risk territory without explicit re-evaluation.

Why it fails: The risk profile changes, but nobody reassessed it. What started as drafting email responses becomes making customer commitments.

How to fix: Any scope expansion requires returning to the three questions. Treat it as a new automation decision, not an extension of the existing one.

Mistake #5: Junior Reviewers for Expert Work

What it looks like: Having someone with 6 months of experience review AI-generated content that requires 5 years of expertise to evaluate properly.

Why it fails: The reviewer doesn’t know what good looks like, can’t catch subtle errors, and may be intimidated by confident-sounding AI output.

How to fix: Match reviewer expertise to task complexity. If you can’t afford expert review time, the task isn’t ready for automation.

Mistake #6: No Feedback Mechanism

What it looks like: Errors get fixed individually, but nobody tracks patterns, root causes, or improvement opportunities.

Why it fails: You repeat the same mistakes indefinitely. Your prompts don’t improve. Your process doesn’t learn.

How to fix: Create a simple error log: date, task, error type, root cause, fix applied. Review monthly for patterns. Use insights to update prompts and processes.

Getting Started: Your First 30 Days

Week 1: Task Audit

Day 1-2: Gather your team. List 20-30 tasks that get performed regularly. Be specific—”marketing” isn’t a task, “writing the weekly customer newsletter” is a task.

Day 3-4: For each task, work through the three questions:

• What’s the impact if AI gets it wrong?

• How quickly would we catch a mistake?

• How easily could we reverse the damage?

Day 5: Assign preliminary colors. When uncertain, default to YELLOW. Document your reasoning for each classification.

Week 2: Build Guardrails

Day 1-2: Define approval authority:

• Who can approve GREEN automations? (Often: team leads)

• Who must approve YELLOW automations? (Often: department heads)

• Who must approve any RED automation assistance? (Often: executive team)

Day 3: Create review checklists for your top 3-5 YELLOW tasks. Keep each checklist under 10 items.

Day 4: Establish your feedback process. Create a simple error log template. Assign someone to own the monthly review.

Day 5: Set your monitoring cadence. Put quarterly review sessions on the calendar now.

Week 3-4: First Automation

Week 3: Pick ONE green task that everyone complains about. Ideal characteristics:

• Clear, repetitive process

• Low stakes if something goes wrong

• Currently taking 2+ hours per week of team time

• Everyone will notice and appreciate the improvement

Week 4: Implement the automation. Monitor closely. Document:

• Time saved

• Errors encountered

• What you learned about your implementation process

• What surprised you

Month 2 and Beyond

Week 5-6: Add one YELLOW task with full review protocol. Pick something with clear business value but manageable complexity.

Week 7-8: Refine your processes based on what’s working and what isn’t. Update your checklists and guardrails.

Week 9+: Scale gradually. Share learnings across teams. Build an internal knowledge base of what works and what doesn’t.

Month 3: Conduct your first quarterly review. Assess whether any classifications need to change.

The Bottom Line

The Traffic Light Framework isn’t about whether AI can perform a task. With enough engineering effort, AI can probably do most things. The framework is about whether AI should perform a task, given your organization’s risk tolerance and ability to manage consequences.

The companies that succeed with AI aren’t the ones automating the most tasks the fastest. They’re the ones automating the right tasks, with appropriate safeguards, creating sustainable competitive advantage rather than accumulating technical debt and brand risk.

Start with systematic risk assessment. Build proper guardrails. Monitor continuously. Iterate based on real-world feedback.

You don’t need to automate everything this quarter. You need to automate strategically, learn from each implementation, and build organizational capability over time.

The goal isn’t speed. It’s judgment.