This paper identifies a novel security vulnerability in non-Euclidean foundation models—particularly hyperbolic space models—arising from geometric curvature-induced asymmetry in representation space: small input perturbations near the hyperbolic boundary induce large, disproportionate shifts in embeddings, evading conventional backdoor detection. Method: The authors propose the first geometry-aware backdoor attack framework, designing adaptive triggers grounded in hyperbolic geometry and introducing a radius-directed pullback strategy to quantify defensive robustness. Contribution/Results: Theoretical analysis and experiments demonstrate that attack success rate increases markedly as samples approach the boundary, while mainstream detection methods suffer sharp performance degradation. This work is the first to systematically uncover “boundary-driven asymmetric vulnerability” in hyperbolic models and establishes a new paradigm for security analysis tailored to non-Euclidean geometric structures.

Non-Euclidean foundation models increasingly place representations in curved spaces such as hyperbolic geometry. We show that this geometry creates a boundary-driven asymmetry that backdoor triggers can exploit. Near the boundary, small input changes appear subtle to standard input-space detectors but produce disproportionately large shifts in the model's representation space. Our analysis formalizes this effect and also reveals a limitation for defenses: methods that act by pulling points inward along the radius can suppress such triggers, but only by sacrificing useful model sensitivity in that same direction. Building on these insights, we propose a simple geometry-adaptive trigger and evaluate it across tasks and architectures. Empirically, attack success increases toward the boundary, whereas conventional detectors weaken, mirroring the theoretical trends. Together, these results surface a geometry-specific vulnerability in non-Euclidean models and offer analysis-backed guidance for designing and understanding the limits of defenses.