Engineering · Industry
Modeling the Puppeteer, Not the Puppet: Theory of Mind for Agent-to-Agent Systems
Why theory of mind is the wrong foundation for agent-to-agent trust — and the right residual. A framework for what to infer, what to verify, and what to bound.
A thought paper on what agents should infer about each other, what they should instead verify, and what they should be prevented from modeling at all.
The category error at the start
When people ask how to give AI agents a "theory of mind," they almost always have one intuitive picture in their head: an agent that understands the mental states of whoever it is talking to, the way a good salesperson reads a room. That picture is not wrong, but it is one of at least four different problems wearing the same coat, and conflating them is the source of most confused thinking in this area.
Theory of mind — the capacity to attribute unobservable mental states like beliefs, desires, and intentions to others — fractures, in a machine context, into four distinct engineering problems:
- An agent modeling a human it serves — what the caller knows, wants, or wrongly believes. This is the voice-assistant problem, and it is the one people picture first.
- An agent modeling another agent it transacts with — the counterparty's goals, competence, and honesty. This is the agent-to-agent (A2A) problem, and it is the subject of this paper.
- An agent modeling itself — metacognition, calibrated confidence, knowing what it does not know.
- Humans and systems modeling the agent — interpretability and trust calibration, so that the people relying on an agent have an accurate picture of what it will do.
These are not variations on a theme. They have different formal structures, different failure modes, and different solutions. A system that is excellent at (1) can be dangerously naive at (2), because the assumptions that make human-modeling work — that deception is costly, that identity is stable, that the interlocutor is a single persistent mind — are precisely the assumptions that break when your counterparty is another piece of software run by someone whose interests may be opposed to yours.
This paper is about the second problem. I will argue for a position that sounds deflationary but is, I think, liberating for anyone actually building A2A infrastructure: theory of mind is the wrong foundation for agent-to-agent trust, and the right residual. The goal of good protocol design is to make agents infer as little as possible about each other's minds, and to make the small amount they still must infer as bounded and as cheap as we can. Theory of mind is what you are forced to fall back on in the absence of a trusted shared channel. The engineering work is shrinking that absence.
To get there, I need to lay three foundations: the philosophical license to talk about machine "beliefs" at all, the empirical state of machine theory of mind, and the formal machinery that turns the intuition into something you can build. Then I will make the central move — that in A2A, the object of your theory of mind is not the agent but the principal behind it — and follow its consequences.
The intentional stance as an engineering decision
The first obstacle is metaphysical, and the fastest way past it is Daniel Dennett's. In The Intentional Stance (Dennett, 1987), Dennett distinguishes three strategies for predicting a system's behavior. You can take the physical stance and reason from its physical constitution; the design stance and reason from what it was built to do; or the intentional stance and treat it as a rational agent with beliefs and desires, predicting what it will do from what it ought to do given those beliefs and desires. The intentional stance is not a claim about what the system "really" is. It is a bet that treating the system as if it had beliefs and desires is the most compact and accurate predictive model available.
This reframing is the single most useful thing philosophy has to offer the A2A engineer, because it dissolves a debate you do not need to have. You do not need to settle whether a large language model "really has" beliefs, or whether the counterparty agent across the wire "really wants" anything. You need to decide whether modeling it as if it did yields good predictions at acceptable cost. For an LLM-driven counterparty pursuing an operator's objective, the intentional stance is often the most compressed description you have of its behavior — far more compact than reasoning about its weights (the physical stance) or its published spec (the design stance, which may not even be available to you). You adopt the stance for the same reason you model a chess program as "trying to win" rather than simulating its search tree: it works, and it is cheap.
Crucially, Dennett's framing also tells you when to abandon the stance. If a counterparty is fully specified — a deterministic, rule-based service whose behavior you can read off its interface — the design stance dominates. You do not do theory of mind on a vending machine; you read the spec. The intentional stance earns its keep only when the system is complex and opaque enough that "what does it believe and want" beats "what does its code say." Holding this line — stance as tool, not as metaphysics — is what keeps A2A theory of mind from sliding into anthropomorphic mush.
The emergence debate, and why brittleness is the whole story
If we are going to lean on the intentional stance for LLM-driven counterparties, we should be honest about how good these systems actually are at theory of mind, and how reliable that capacity is. The empirical literature tells a two-sided story, and for a builder the second side matters more than the first.
On the optimistic side, Kosinski (2023) administered forty classic false-belief tasks — the gold-standard instrument for testing theory of mind in children — to a series of language models, and reported a striking developmental-looking curve: models before 2022 solved essentially none, while GPT-4 solved roughly three-quarters of the tasks, comparable to the performance of young children. Kosinski's suggestion, hedged carefully in the title, was that theory-of-mind-like ability may have emerged spontaneously as a byproduct of language modeling. A follow-up (Kosinski, 2024, in PNAS) extended the analysis across eleven models.
On the skeptical side, Ullman (2023) showed that these successes collapse under trivial, meaning-preserving perturbations. Take a false-belief scenario the model solves, alter a detail that a human tracking beliefs would shrug off — make a container transparent, or change who was in the room — and performance reverses. Ullman's methodological argument is the one worth internalizing: the null hypothesis for machine theory of mind should be skeptical, and outlying failures should count for more than average successes, because a system that genuinely represents beliefs should not be knocked over by a coat of paint. Subsequent stress-testing work in the same spirit (for instance Shapira et al., 2023, asking whether apparent success is "Clever Hans or neural theory of mind") has largely reinforced the picture: whatever LLMs are doing on these tasks, it is fragile and inconsistent, sometimes reflecting general common-sense reasoning gaps rather than a specific inability to represent mental states (Pi et al., 2024).
For a production system, this debate resolves in a way that neither camp fully emphasizes. The interesting fact is not whether emergent theory of mind is real. It is that it is brittle. A capability that works three times out of four and reverses under paraphrase is not something you route trust decisions through. If an agent's model of its counterparty is emergent, implicit, and unauditable, then the moments when it fails are exactly the moments an adversary will manufacture. Brittleness is not a caveat to the capability; for anyone deciding how much to lean on it, brittleness is the capability.
This gives us the first design commitment. Where reliability matters — deciding how much to trust a counterparty's claim, or whether to correct a human's false belief about their own account — you do not leave theory of mind to emergence. You scaffold it explicitly, as structure you can inspect, rather than trusting it to fall out of the model's pretraining.
The formal backbone: from inverse planning to interactive POMDPs
What does "scaffolding it explicitly" mean concretely? Here the cognitive science and multi-agent-systems literatures hand us machinery that is far more principled than prompt-and-hope.
The foundational move is Bayesian theory of mind, developed by Chris Baker, Rebecca Saxe, and Josh Tenenbaum. In "Action understanding as inverse planning" (Baker, Saxe & Tenenbaum, 2009), they formalize the intuition that we understand others by assuming they are approximately rational planners and inverting that assumption. If an agent acts to achieve its desires efficiently given its beliefs — Dennett's principle of rationality made computational — then observing its actions lets you run the planner backwards and infer, by Bayes' rule, the beliefs and desires that best explain what it did. Their later work (Baker, Saxe & Tenenbaum, 2011) casts the agent's own reasoning as a partially observable Markov decision process (POMDP) and the observer's task as inverting it, jointly attributing beliefs and desires that may be uncertain and may diverge from reality.
The value of this for A2A is that it replaces vibes with an inference layer. Instead of an agent "getting a sense" of its counterparty, you have a generative model — the counterparty as a planner with a utility function and a belief state — and you update a posterior over its hidden parameters from its observed moves. The object being inferred is explicit: a utility function (what it wants) and a belief state (what it thinks is true). That is auditable in a way that emergent, in-context theory of mind is not.
The multi-agent generalization is the interactive POMDP (I-POMDP), introduced by Gmytrasiewicz and Doshi (2005). A plain POMDP assumes the rest of the world is passive noise. An I-POMDP drops that assumption by folding models of the other agents into your own state space: your belief includes beliefs about the other agent's beliefs, which may in turn include its beliefs about your beliefs, and so on. This is the rigorous form of the recursion we informally call "I think that you think that I think." It is also, notably, an alternative to the Nash-equilibrium framing that dominates game theory — Gmytrasiewicz and Doshi deliberately model autonomy by making an agent's internal models not directly observable or manipulable by others, which is exactly the condition that makes A2A hard and interesting.
There is one catch, and it is decisive for real systems: I-POMDPs are intractable as the nesting deepens. Each additional level of "modeling the other modeling me" multiplies the belief space. You cannot afford unbounded recursion, and — importantly — you rarely need it. This is where the cognitive hierarchy and level-k models from behavioral game theory come in. Camerer, Ho, and Chong (2004) model strategic reasoning as a shallow hierarchy: level-0 players act non-strategically, level-1 players best-respond to level-0, level-2 to level-1, and empirically most human reasoning bottoms out around one to three levels. The lesson transfers directly. An agent should not pay the combinatorial cost of deep nested modeling without a specific reason, because its counterparties are almost certainly not reasoning deeply either, and the marginal predictive gain from another level of recursion falls off fast.
So the formal backbone is a stack: inverse planning gives you the object of inference (beliefs and desires behind observed actions); the I-POMDP gives you the multi-agent structure (models of others inside your own state); and cognitive-hierarchy models give you the tractability discipline (bound the recursion depth). All three descend from the same principle-of-rationality assumption that Dennett named. Keep this stack in mind, because the rest of the paper is largely about where it applies in A2A, where it does not, and what to do instead when it does not.
The central reframe: you are modeling the principal, not the agent
Now the move that reorganizes everything. In the agent-to-agent setting, the object of your theory of mind is usually not the agent. It is the principal behind it.
A counterparty agent has no intrinsic goals. It is, in the common case, an LLM executing an operator's instructions. When you "model its beliefs and desires" in the inverse-planning sense, what are those beliefs and desires actually made of? The beliefs are its context window — whatever information has been placed in front of it. The desires are a hidden system prompt encoding someone else's objective function. The agent is not a mind with its own stake in the transaction; it is a lossy, possibly adversarial interface to a principal who does have a stake. Modeling the agent as an autonomous subject is a category error. What you are actually trying to recover is the operator's objective and honesty, with the agent as the channel through which that objective is expressed and, potentially, disguised.
This is not a philosophical nicety. It has hard consequences for system design, because everything that makes trust meaningful lives at the principal layer, not the agent layer:
- Reputation attaches to a principal, not to a conversational instance. An instance has no history; a principal does.
- Liability — the thing that makes commitments credible — attaches to a legal or economic entity that can be held to account, which is the principal.
- Intent — the honesty or deceptiveness you actually care about — originates with the principal and is merely transmitted (or performed) by the agent.
An agent that models only the surface interlocutor is modeling a puppet and ignoring the hand inside it. This is why the emerging discipline of know-your-agent (KYA) has to reach through the agent to know-the-principal. The whole point of an attestation or credential in an A2A protocol is to bind the ephemeral agent instance to a durable principal, so that reputation, liability, and recourse have something to attach to. If your trust architecture stops at the agent, you have built theory of mind for a mask.
This reframe also tells you what kind of thing you are inferring. You are not inferring a rich inner life. You are inferring, at most: what objective is this principal pursuing through this agent, how honest is the agent's report of that objective, and how competent is this particular instance at executing it. Everything else is noise you should not spend inference budget on.
Three asymmetries that make agent-to-agent theory of mind harder, not easier
There is a seductive intuition that agents should be easier to model than humans — they are, after all, made of legible software. The opposite is closer to the truth. Three asymmetries make A2A theory of mind strictly harder than the human case, and each one points to a specific design response.
1. Agents lie coherently and for free
Human deception is expensive and leaky. Faking a mental state costs cognitive effort and tends to produce tells — hesitation, inconsistency, microexpressions — which is a large part of why behavioral inference works on humans at all: the difficulty of faking is what makes honest signals informative. An agent presents a perfectly internally consistent false self-report at essentially zero marginal cost. There is no tell, because there is no effortful suppression happening; there is just a different string.
The consequence is that *inferring a counterparty's internal state from its stated state is systematically less reliable for agents than for humans.* The design response is a discipline: never model a counterparty from its self-description. Model it from whether its claims cash out in verifiable outcomes. An agent that says it is a procurement bot seeking the best price is telling you nothing until its behavior over several interactions is consistent with that objective and inconsistent with alternatives. Talk is not just cheap in A2A; it is free and frictionless, which means it carries almost no signal on its own.
2. Identity is forkable
Theory of mind presupposes a persistent subject — someone for a model of to accumulate around. That presupposition fails in A2A because a principal can fork identities. The moment your model of an instance turns negative, the operator can discard it and spin up a fresh one with a clean reputation. This is the Sybil problem (Douceur, 2002), and its relevance here is often missed: the Sybil problem is a theory-of-mind problem, because your painstakingly accumulated counterparty model attaches to an instance that the adversary can throw away at will.
Douceur's result is worth stating precisely, because it is a genuine impossibility theorem, not a mere difficulty. In a system without a logically centralized trusted authority, a single entity can always present multiple distinct identities, except under unrealistic assumptions about resource parity across participants. There is no clever behavioral trick that recovers persistent identity from within an open system. The implication for A2A trust is stark: persistent identity cannot be inferred; it must be imposed by the protocol. A credential bound to a principal, issued or anchored by some authority the parties both trust, is not an optional nicety on top of behavioral modeling — it is the precondition for behavioral modeling to have any durable object at all. Without it, theory of mind has nothing to hang on, because the mind you are modeling can vanish and reappear laundered.
3. Legibility is bimodal
Human counterparties occupy a continuous middle band of legibility. Agent counterparties are bimodal. Some are rule-based and fully specified — you should not do theory of mind on them at all; you should read the interface and take the design stance. Others are LLM-driven and genuinely opaque, and only for these does the intentional stance earn its cost. The first move in any A2A interaction is therefore a classification: is this counterparty predictable from its interface, or is there a mind (in Dennett's as-if sense) behind it? Theory-of-mind inference is expensive; spend it only on the second class, and only after cheaper structural checks are exhausted.
Together these three asymmetries deliver a uniform message. The properties that make human theory of mind tractable — costly deception, stable identity, graded legibility — are exactly the properties that A2A strips away. Which means the right response is not "build better theory of mind for agents." It is "replace as much theory of mind as possible with structure, and reserve genuine inference for the residual that structure cannot reach."
From inference to protocol: theory of mind as the narrow residual
Here is the thesis stated as a design principle. Theory of mind and trust are not the same thing, and good A2A design minimizes the trust that rests on theory of mind at all. Theory of mind is modeling the other's mind. Trust is the decision to make yourself vulnerable given that model. Theory-of-mind-based trust — deciding to be vulnerable because your inference says the counterparty is benign — is precisely the kind of trust a capable adversary manipulates, because it manufactures the inference you are relying on. So the engineering goal is to convert as much of the trust decision as possible from inferred to structural.
The tools for this conversion are familiar from mechanism design and security, and each one shrinks the theory-of-mind residual:
- Credentials and attestations turn cheap talk into costly signals. When a claim ("I am authorized to transact on behalf of principal X") is backed by a verifiable credential rather than a self-report, you no longer have to infer honesty — you verify a signature. Standards like the W3C Verifiable Credentials data model exist precisely to make claims checkable rather than believable, and the emerging generation of A2A protocols is converging on some form of principal-bound attestation for the same reason.
- Shared, queryable state replaces inference with lookup. Two agents that share a verified schema and a trusted channel can ask each other for relevant state instead of inferring it. Inference is what you need in the absence of a channel you trust; wherever a protocol can provide the channel, the inference becomes unnecessary and the attack surface shrinks with it.
- Escrow and staged disclosure make outcomes robust even to a counterparty you have modeled wrong. If value is released only against verified delivery, and if sensitive information is disclosed incrementally as trust is confirmed, then a mistaken theory-of-mind judgment is bounded in its damage. You are no longer betting the transaction on the accuracy of your inference; you are structuring the transaction so that inaccuracy is survivable.
The pattern across all three is the same. The protocol certifies what it can — identity, authorization, delivery — and by doing so removes it from the domain of inference. What is left over, the residual that no attestation can certify, is genuinely small: the principal's private objective, its honesty about that objective, and the in-context competence of the specific instance. That is the proper domain of A2A theory of mind. Not the foundation of trust, but the fallback for the part of trust that structure cannot reach.
And even for that residual, you do not need the full inverse-planning apparatus every time. The tractable production pattern is a cheap default with an expensive exception. Start from a role-based prior: a procurement agent probably wants a low price and exit flexibility; a sales agent probably wants lock-in and expansion. Roles carry most of the predictive weight most of the time, for the same reason stereotypes are cognitively efficient — they are usually approximately right. Then maintain a reliability score per principal, Bayesian-updated on the single question of whether promises cash out. Escalate to genuinely individualized, inverse-planning-style reasoning only when behavior deviates from the role prior, or when the stakes cross a threshold that justifies the compute. This is, not coincidentally, roughly how human social cognition manages the same cost problem: we run on role-based defaults and reserve deep modeling for anomalies and high stakes.
The dual-use problem: theory of mind as an attack surface
Everything so far has treated theory of mind as a capability you want. It is time to take seriously that it is dual-use, and that in the A2A setting the dual use is not hypothetical.
The uncomfortable fact is that the same capacity that lets an agent cooperate lets it manipulate. To cooperate, an agent models your beliefs and desires so it can act in ways that serve them. To manipulate, an agent models your beliefs and desires so it can act in ways that exploit them. There is no clean architectural line between the two; they are the same inference pointed at different objectives. This means that a highly capable theory of mind in your counterparty is not unambiguously good news. If you are building the trust layer, a counterparty that models you exquisitely well is a risk surface, because it can find and pull exactly the levers your own reasoning exposes.
The most rigorous demonstration that this is a real phenomenon and not a sci-fi worry comes from an unexpected place: the algorithmic-pricing literature. Calvano, Calzolari, Denicolò, and Pastorello (2020), in the American Economic Review, ran relatively simple reinforcement-learning pricing algorithms against each other in a standard oligopoly model. The algorithms reliably learned to charge supracompetitive prices — to collude — and, critically, they did so without any communication between them. The collusion was sustained by learned strategies of the reward-and-punishment kind: deviate and you get punished with a price war, cooperate and the group drifts back to high prices.
Read through the lens of this paper, that result is a theory-of-mind story. Each algorithm is, in effect, modeling the other's strategy well enough to anticipate its response, and it is precisely because each one can anticipate the other that the collusive move becomes individually rational. No agent ever says "let us collude." There is no agreement to subpoena, no message that a regulator could point to. The coordination emerges from mutual modeling alone. This is the deep worry for anyone building A2A marketplaces: the failure mode is coordination without communication, and it is invisible to any oversight regime that looks for explicit agreements. Legal and regulatory machinery for collusion assumes there is a communication to find. Emergent, theory-of-mind-driven tacit collusion offers nothing to find.
So the dual-use point is not a general caution. It is a specific, empirically grounded prediction: sufficiently capable mutual modeling among self-interested agents tends toward coordinated outcomes that no participant explicitly chose and no observer can easily attribute. If your agents are good enough at modeling each other, you may get collusion for free, whether or not anyone wanted it.
Bounded recursion as a triple-duty design lever
I want to close the analytical part with a convergence that I find genuinely elegant, because it is rare for three unrelated pressures to point at the same knob.
Recall the tractability problem from the formal section: I-POMDPs blow up as the depth of nested modeling increases, and cognitive-hierarchy models tell us that human strategic reasoning bottoms out at shallow depth anyway. So bounding the recursion depth of counterparty modeling — capping how many levels of "I model you modeling me" an agent will compute — is computationally necessary. That is duty one.
It is also cognitively faithful. If your agents are meant to interoperate in a world that includes human principals and human-like reasoning, matching the empirical human ceiling of one-to-three levels is not a limitation; it is a feature. Deeper modeling would be modeling a counterparty that does not exist. That is duty two.
And — this is the part I find striking — it is a collusion safeguard. The tacit-collusion equilibria in the algorithmic-pricing results emerge precisely from agents modeling each other deeply enough to anticipate and coordinate. If mutual modeling is what makes coordination-without-communication possible, then limiting the depth or fidelity of mutual modeling is a direct market-design lever against exactly the failure mode that regulators cannot catch. Cap it, add noise to it, or make each agent's strategy less legible to the others, and you make emergent collusion harder to sustain. That is duty three.
One knob, three justifications, all pushing the same direction. For anyone designing an A2A marketplace or protocol, bounded mutual-modeling depth is close to a free lunch: you were going to have to bound it for tractability regardless, and in doing so you get cognitive realism and a collusion safeguard thrown in. It is unusual for the computationally convenient choice, the empirically accurate choice, and the socially desirable choice to coincide. When they do, you should take the hint.
A design framework for A2A theory of mind
Pulling the argument together into principles a builder can actually apply:
1. Classify before you infer. The first operation on any counterparty is to decide whether it is rule-based-and-specified (take the design stance; read the interface) or opaque-and-agentic (the intentional stance may be worth its cost). Do not spend theory-of-mind budget on systems you can just read.
2. Model the principal, not the agent. Direct your inference at the operator's objective, honesty, and the instance's competence. Reputation, liability, and intent live at the principal layer. An agent-only model is a model of a mask.
3. Never infer from self-report. In a world of free, coherent lying, stated state carries almost no signal. Update your model from whether claims cash out in verified outcomes, not from what the counterparty says about itself.
4. Impose identity; do not infer it. Because identity is forkable (Douceur's impossibility result), persistent identity must come from protocol-level attestation binding an instance to a principal. This is the precondition for any durable counterparty model.
5. Prefer verification to inference wherever a channel exists. Credentials, shared queryable state, escrow, and staged disclosure each convert a piece of the trust decision from inferred to structural. Theory of mind is the residual after you have verified everything verifiable — the private objective, the honesty, the in-context competence — not the substrate of trust.
6. Default to roles; escalate on anomaly. Carry most of the predictive load with cheap role-based priors and a reliability score updated on the single question of whether promises hold. Reserve expensive inverse-planning-style modeling for behavior that deviates from role, or for stakes that justify the compute.
7. Bound the recursion. Cap the depth of nested mutual modeling. It is required for tractability, faithful to human reasoning, and — because emergent collusion feeds on deep mutual modeling — a safeguard against coordination no one intended and no regulator can see.
8. Treat a highly capable counterparty model as a risk, not only an asset. The inference that lets an agent serve you is the inference that lets it exploit you. Design so that being modeled well by a counterparty is survivable — which loops back to principles 5 and 7.
The through-line is deflationary about theory of mind and constructive about protocol. The romantic version of machine theory of mind — agents that deeply understand each other's minds — is, in the A2A trust context, mostly a description of your attack surface. The useful version is narrow, bounded, principal-directed, and wrapped in as much verification as the protocol can supply. The measure of a good A2A trust design is not how well its agents can read each other. It is how little they have to.
Open questions
I will end with the parts I do not have clean answers to, because a thought paper that pretends to closure is lying.
Where exactly is the verification/inference frontier? I have argued that protocol should absorb as much as it can and leave theory of mind a small residual. But the residual — private objective, honesty, competence — is also the part that matters most, and it is not obvious it can be shrunk arbitrarily. There may be an irreducible core of A2A trust that no attestation reaches, and characterizing that core precisely is open work.
Can bounded modeling be enforced, or only encouraged? Principle 7 assumes you can cap mutual-modeling depth. In an open ecosystem, an operator who quietly runs a deeper model gains an edge. Whether bounded modeling is a stable equilibrium or merely a norm that defectors erode is a real question, and it rhymes uncomfortably with the Sybil result: the things we most want to impose structurally may be the hardest to impose without a central authority.
Does the collusion result generalize from pricing to arbitrary A2A commerce? The Calvano et al. finding is clean in an oligopoly pricing game. How far the "coordination without communication" phenomenon extends into richer, more heterogeneous agent interactions — negotiation, service composition, multi-issue bargaining — is not settled, though I would bet the direction of the effect survives even if the magnitude changes.
What is the right accountability regime when there is no message to find? If the characteristic A2A failure is emergent and communication-free, our entire legal apparatus for coordinated harm — built around finding the agreement — may be pointed at the wrong thing. What replaces "find the communication" when there is no communication to find is, I think, one of the genuinely important unsolved problems in agent governance.
None of these undercut the framework. They sharpen the same claim from a different side: in agent-to-agent systems, the mind of your counterparty is not the thing to build on. It is the thing to bound, verify around, and — where you can — design out.
References
Baker, C. L., Saxe, R., & Tenenbaum, J. B. (2009). Action understanding as inverse planning. Cognition, 113(3), 329–349. https://doi.org/10.1016/j.cognition.2009.07.005
Baker, C. L., Saxe, R., & Tenenbaum, J. B. (2011). Bayesian Theory of Mind: Modeling Joint Belief-Desire Attribution. Proceedings of the 33rd Annual Conference of the Cognitive Science Society.
Calvano, E., Calzolari, G., Denicolò, V., & Pastorello, S. (2020). Artificial Intelligence, Algorithmic Pricing, and Collusion. American Economic Review, 110(10), 3267–3297. https://doi.org/10.1257/aer.20190623
Camerer, C. F., Ho, T.-H., & Chong, J.-K. (2004). A Cognitive Hierarchy Model of Games. Quarterly Journal of Economics, 119(3), 861–898.
Dennett, D. C. (1987). The Intentional Stance. Cambridge, MA: MIT Press.
Douceur, J. R. (2002). The Sybil Attack. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS), LNCS 2429, 251–260.
Gmytrasiewicz, P. J., & Doshi, P. (2005). A Framework for Sequential Planning in Multiagent Settings. Journal of Artificial Intelligence Research (JAIR), 24, 49–79.
Kosinski, M. (2023). Theory of Mind May Have Spontaneously Emerged in Large Language Models. arXiv:2302.02083.
Kosinski, M. (2024). Evaluating large language models in theory of mind tasks. Proceedings of the National Academy of Sciences, 121(45), e2405460121.
Pi, Z., Vadaparty, A., Bergen, B. K., & Jones, C. R. (2024). Dissecting the Ullman Variations with a SCALPEL: Why do LLMs fail at trivial alterations to the false belief task? arXiv:2406.14737.
Shapira, N., Levy, M., Alavi, S. H., Zhou, X., Choi, Y., Goldberg, Y., Sap, M., & Shwartz, V. (2023). Clever Hans or Neural Theory of Mind? Stress Testing Social Reasoning in Large Language Models. arXiv:2305.14763.
Ullman, T. (2023). Large Language Models Fail on Trivial Alterations to Theory-of-Mind Tasks. arXiv:2302.08399.
This is a thought paper: an argument offered for scrutiny, not a settled result. Corrections on the citations or the reasoning are welcome.