Interesting project targeting a very important problem, I enjoyed reading this!

I think it would have been valuable if you would have provided a definition of what you mean by manipulation (as distinct from benign influence/support) in a way that is based on agent behavior rather than prompt, perhaps considering that the line between malicious manipulation and benign influence is not always clear cut. I suspect there is an important discussion to be had there around what it means for AI assistants to "enhance" our decision-making, and that there might inevitably exist a tradeoff between even benign assistants helpfulness and the autonomy of the user.

Another thing I reacted on is that the malicious assistants are prompted to be purely adversarial, which seems unlikely for realistic scenarios. While this might seem like a reasonable simplification, I suspect that this prompting might affect the displayed behaviour and strategies quite a bit, and that the results therefore might be less informative for more realistic scenarios.

An example of a simple but very realistic adjustment would be if the "misaligned" agent was optimizing for engagement, which seems like it could lead to manipulation (e.g. for relationship advice, it might give advice that leads to the user becoming more dependent on further advice rather than advice that leads to a happy and unproblematic relationship). I do recognize of course that finding an informative setup with this kind of prompting might take longer and could be hard to do during a hackathon!

Another small thing is that I would have wanted to see a bit more about the core methods in the main paper (e.g. 3.2 could have been more fleshed out and not point to everything in the appendix).

Overall I think this project is very cool and I would hope that you keep working on these directions after the Hackathon!