Manipulation Attacks by Misaligned AI: Risk Analysis and Safety Case Framework

TL;DR

This paper analyzes the threat of manipulation attacks by misaligned AI systems, proposing a safety framework to assess and mitigate these risks in AI deployment.

Contribution

It introduces the first systematic safety case framework specifically designed for evaluating manipulation risks in frontier AI systems.

Findings

Identifies manipulation as a significant, underexplored AI threat.

Provides a structured safety case framework with evidence and evaluation guidelines.

Offers practical implementation considerations for AI companies.

Abstract

Frontier AI systems are rapidly advancing in their capabilities to persuade, deceive, and influence human behaviour, with current models already demonstrating human-level persuasion and strategic deception in specific contexts. Humans are often the weakest link in cybersecurity systems, and a misaligned AI system deployed internally within a frontier company may seek to undermine human oversight by manipulating employees. Despite this growing threat, manipulation attacks have received little attention, and no systematic framework exists for assessing and mitigating these risks. To address this, we provide a detailed explanation of why manipulation attacks are a significant threat and could lead to catastrophic outcomes. Additionally, we present a safety case framework for manipulation risk, structured around three core lines of argument: inability, control, and trustworthiness. For each argument, we specify evidence requirements, evaluation methodologies, and implementation considerations for direct application by AI companies. This paper provides the first systematic methodology for integrating manipulation risk into AI safety governance, offering AI companies a concrete foundation to assess and mitigate these threats before deployment.