This work addresses the risks of intellectual property leakage and model recovery attacks in edge deployment of foundation models with LoRA adapters by proposing a training- and data-free encryption framework. The method integrates spectral truncation, information compensation, and orthogonal reparameterization to cryptographically reconstruct low-rank components, thereby preserving the integrity of both the base model and authorized adapters while inducing structural collapse in outputs for unauthorized users. Experimental results demonstrate that the proposed scheme incurs less than 1% computational overhead, fully retains model performance for authorized users, and effectively thwarts existing model recovery attacks. To the best of our knowledge, this is the first approach to achieve end-to-end joint protection of foundation models and adapters without requiring retraining.

Foundation models and low-rank adapters enable efficient on-device generative AI but raise risks such as intellectual property leakage and model recovery attacks. Existing defenses are often impractical because they require retraining or access to the original dataset. We propose LoREnc, a training-free framework that secures both FMs and adapters via spectral truncation and compensation. LoREnc suppresses dominant low-rank components of FM weights, compensates for the missing information in authorized adapters, and further applies orthogonal reparameterization to obscure structural fingerprints of the protected adapter. Unauthorized users produce structurally collapsed outputs, while authorized users recover exact performance. Experiments demonstrate that LoREnc provides strong protection against model recovery with under 1% computational overhead.