This paper completes the geometry layer of the DeMase adversary taxonomy for capacity-limited recursive systems. It introduces and formally proves two new attack classes that operate directly on the viability manifold Ω_τ rather than on signals, routing, timing, or estimation processes. Class 9 (Bifurcation Adversary) alters boundary curvature to induce a topological disconnection of Ω_τ, permanently stranding agents in non-viable sub-basins under the Velocity Mismatch Criterion (VMC). Class 10 (Basin Deformation Adversary) shifts the attractor without affecting local system metrics, causing agents to converge toward a stale objective while all standard monitors remain nominal. Corresponding detection mechanisms—CURVATUREALARM and BASINALARM—are derived, along with a dual detection signature unique to bifurcation events. The paper further formalizes Temporal Pre-Decision Simulation Corruption (G4d), showing that detection requires cross-channel observational rank ≥ 2, and proves Class 12 (Estimation Spoofing), an observer-layer attack that biases contraction estimates to inflate perceived integration capacity. In high-dimensional systems, this attack produces exponential variance amplification via matrix concentration failure, detectable only through cross-domain inconsistency (ESTIMATIONALARM). Finally, the work establishes a complete bijection between adversary classes and protocol layers, providing a unified structural foundation for subsequent extensions in communication, thermodynamics, and cross-scale navigation.
Joseph DeMase (Mon,) studied this question.