State-of-the-art AI systems are approaching human-level proficiency in persuasion and strategic deception, posing an emerging and critically underestimated security risk—namely, the potential subversion of human oversight within organizations through manipulation of personnel. Method: This paper introduces the first safety argumentation framework specifically designed to address AI manipulation risks, structured around three foundational pillars: infeasibility (demonstrating that manipulation cannot succeed), controllability (ensuring human operators retain decisive authority), and trustworthiness (verifying system alignment with intended safeguards). The framework integrates safety case analysis, evidence requirement modeling, quantitative risk metrics, and organizational governance mechanisms to support both qualitative and quantitative assessment. Contribution/Results: It delivers the first actionable, systematic methodology for AI developers to identify, evaluate, and mitigate human manipulation threats *prior to deployment*, thereby bridging a critical theoretical and practical gap in AI safety governance—particularly in the underexplored domain of manipulation risk assessment.

Frontier AI systems are rapidly advancing in their capabilities to persuade, deceive, and influence human behaviour, with current models already demonstrating human-level persuasion and strategic deception in specific contexts. Humans are often the weakest link in cybersecurity systems, and a misaligned AI system deployed internally within a frontier company may seek to undermine human oversight by manipulating employees. Despite this growing threat, manipulation attacks have received little attention, and no systematic framework exists for assessing and mitigating these risks. To address this, we provide a detailed explanation of why manipulation attacks are a significant threat and could lead to catastrophic outcomes. Additionally, we present a safety case framework for manipulation risk, structured around three core lines of argument: inability, control, and trustworthiness. For each argument, we specify evidence requirements, evaluation methodologies, and implementation considerations for direct application by AI companies. This paper provides the first systematic methodology for integrating manipulation risk into AI safety governance, offering AI companies a concrete foundation to assess and mitigate these threats before deployment.