Why Behavioral Science Is the Missing Piece of AI Safety
Lessons from Safety by Design at Uber, Match Group, and Beyond
This post is based on my paper published in Harvard Business Review: "Balancing Digital Safety and Innovation."
I’ve spent years studying why people get deceived online. The answer is never just about technology.
People get scammed for many reasons — security systems fail, platforms don’t catch bad actors in time, and enforcement lags behind the speed of fraud. But even when the technology works, people still get deceived. They trust someone they shouldn’t have. They miss a warning. They take a risk they knew was dangerous because, in that situation, the emotional pull felt stronger than the logic against it.
Technology is necessary. But it’s not sufficient. And that gap — between what the system can detect and what human psychology makes us vulnerable to — is where most of the harm happens.”
The Industry’s Expensive Blind Spot
For decades, the default assumption in tech product development has been: ship fast, learn from what breaks. There’s a real logic to this — you can’t anticipate every failure mode before users find them. But this philosophy has a hidden cost that’s becoming harder to ignore.
In March 2026, a jury ordered Meta to pay approximately $375 million in damages — not just for failing to protect children from predators on its platforms, but for actively misleading the public about how safe those platforms were. The verdict wasn’t just about one company’s failures. It was a signal that “we’ll fix it when it becomes a problem” is no longer a legally or ethically viable product strategy.
The shift I’ve been arguing for — and building toward — is straightforward: safety can’t be retrofitted. It has to be designed in from the start. This is the core idea behind Safety by Design.
What Uber’s Delivery Cyclists Taught Me About Human Behavior
In 2020, I joined Uber Japan as Head of Safety. Uber Eats was growing rapidly, and delivery cyclists were making headlines for traffic violations — running red lights, riding without helmets, ignoring pedestrians.
The obvious response would have been stricter rules or more aggressive enforcement. Instead, I started by asking a different question: why do people behave this way even when they know it’s dangerous?
The research revealed two distinct problems. The first was psychological: cyclists under time pressure experience a narrowing of attention. The delivery notification creates urgency. In that moment, the abstract risk of an accident loses out to the immediate pressure of the job. The second was cultural: helmet-wearing simply wasn’t an established norm in Japan at the time. Many cyclists weren’t making a conscious decision to skip the helmet — the habit didn’t exist in the first place. You can’t enforce a behavior that people have never internalized.
This meant that awareness campaigns and stricter rules alone wouldn’t be enough. We needed to build the norm itself. We partnered with police departments across Japan to run in-person traffic safety workshops for delivery cyclists — practical sessions designed to build new habits, not just communicate rules. At the same time, we applied behavioral economics principles to the app itself, building what became the world’s first in-app traffic safety checklist — appearing at the exact moment a courier was about to start a delivery, not before, not after. The friction was minimal. The timing was everything. The feature was later rolled out across multiple Uber markets internationally.
The lesson I took from this wasn’t about any single intervention. It was about the difference between designing for the user you imagine and designing for the user who actually exists — shaped by culture, constrained by time, and reliably human.
Rethinking Safety at Match Group
After Uber, I led the launch of the Safety by Design program at Match Group, the parent company of Tinder, Plenty of Fish, and more than 30 dating apps worldwide. At the time, safety across online platforms followed a common pattern: react, respond, remediate. A talented team could work tirelessly and still be perpetually behind — because the entire system was built around responding to harm rather than preventing it.
We reframed the question. Instead of “how do we respond when something goes wrong,” we asked “how do we make it structurally harder for things to go wrong in the first place?”
One early outcome: Pairs became the first major dating app in the world to require facial verification for all users. It wasn’t a popular decision internally — friction in onboarding is never welcomed by growth teams. But the principle held. Tinder and others eventually followed.
The harder problem was education. Facial verification catches impostors. It doesn’t help users who don’t know romance scams exist — and therefore have no reason to be suspicious when someone takes a sudden romantic interest in them online. Scammers don’t hack systems. They exploit cognitive biases: the need for connection, the tendency to trust people who seem to understand us, the difficulty of believing someone would invest months in a relationship purely to steal from us.
I’ve researched these manipulation tactics in depth and shared findings with the FBI and Google. The consistent conclusion: you cannot protect people from threats they don’t know exist. Awareness is not a soft add-on to safety. It’s a core design requirement.
Safety Doesn’t Constrain Innovation. It Focuses It.
The pushback I hear most often is that embedding safety into product development slows things down. Having built safety programs at Uber and Match Group, I've come to believe the opposite is true.
Companies that take safety seriously are forced to understand their users at a level most product teams never reach. They have to ask not just “what do users want to do” but “what do users actually do, and why do they sometimes do things that harm themselves or others?” That quality of understanding doesn’t just produce safer products. It produces better ones.
Safety is not a cost center. It’s a source of product insight — and, increasingly, a source of competitive advantage. Trust is hard to build and easy to lose. The companies that design for it from day one are building something that can’t be easily replicated.
Why AI Makes This More Urgent, Not Less
As AI systems become more capable, the temptation is to assume that better technology will solve safety problems that worse technology couldn’t. I think this gets the problem backwards.
Most AI failures aren’t purely technical. They emerge at the intersection of AI capability and human behavior. People overtrust AI-generated outputs. They fail to notice when an AI is confidently wrong. And increasingly, bad actors use AI not to break systems but to manipulate the people using them — more convincing scam messages, more sophisticated social engineering, more personalized deception at scale.
The more powerful AI becomes, the more the risk surface shifts toward human psychology. Which means the more important it becomes to design AI systems around how people actually think, decide, and err — not around how we wish they would.
The future of AI safety will depend not only on better models, but also on a deeper understanding of how people think, decide, and behave.
Next time, I’ll draw on a keynote I delivered at the United Nations to explore what it actually takes to build AI safety that works in the real world — not just technically, but behaviorally.
If this resonated, I’d love to hear your thoughts in the comments. And if you know someone working on AI safety, product design, or trust and safety, feel free to share.
Tomomi, this is a timely message given the pro-innovation posture of the federal government. The default thinking is that pro-safety is anti-innovation. Your work proves it is possible and imperative to ask “how do we make it structurally harder for things to go wrong in the first place?” an integral part of the product design life cycle. We should protect US leadership in innovation but we should protect its users equally.