First Systematic Security Analysis Reveals Critical Vulnerabilities in State-Space AI Models
A groundbreaking study has exposed significant safety and security vulnerabilities in State-Space Models (SSMs), a class of AI architectures increasingly deployed in high-stakes applications. These models include structured variants such as S4, S4D, DSS, and S5, selective architectures such as Mamba and Mamba-2, and hybrid systems such as Jamba. Because of their efficient linear-time scaling, they are used for genomic analysis, clinical time-series forecasting, and cybersecurity log processing. The research introduces the first comprehensive framework for analyzing SSM risks and identifies an attack surface with five layers. Three novel attack classes were developed: spectral adversarial attacks that exploit transfer-function gains, delayed-trigger stateful backdoors that activate thousands of steps after injection, and state capacity saturation attacks. The paper establishes formal metrics, including State Integrity Violation (StIV) and Cross-Context Amplification Ratio (X_S), with theoretical foundations in the H∞ norm through a Spectral Sensitivity Proposition. Despite their computational advantages, SSMs rely on compressed-state recurrent architectures whose security properties were previously unstudied and could compromise safety-critical systems. The work was published as arXiv:2604.16424v1 (announce type: cross) and presents a systematic treatment of cognitive risks alongside safety and security concerns.
Key facts
- State-Space Models (SSMs) include structured (S4, S4D, DSS, S5), selective (Mamba, Mamba-2), and hybrid (Jamba) architectures
- SSMs are deployed in safety-critical applications: genomic analysis, clinical time-series forecasting, cybersecurity log processing
- The research presents the first systematic treatment of SSM safety, security, and cognitive risks
- Three novel attack classes were developed: spectral adversarial attacks, delayed-trigger stateful backdoors, state capacity saturation attacks
- Formal framework includes SSM Attack Surface (five layers), State Integrity Violation (StIV), Cross-Context Amplification Ratio (X_S)
- Theoretical foundation includes Spectral Sensitivity Proposition grounded in the H∞ norm
- SSMs offer linear-time scaling but their compressed-state recurrent architectures have unstudied security properties
- Paper published as arXiv:2604.16424v1 with Announce Type: cross
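The page cites the H∞ norm without stating the proposition itself. As an added example (not code from the paper), the sketch below applies the textbook property behind that norm to a constructed diagonal SSM: from a zero state, the output-to-input energy ratio never exceeds the peak transfer-function gain, so that peak is a worst-case sensitivity figure a defender can audit. All pole and weight values and all function names are assumptions.

```python
import cmath
import math

# Constructed 3-state diagonal SSM (illustrative values, not from the paper):
#   x_i[k+1] = LAM[i] * x_i[k] + B[i] * u[k],   y[k] = sum_i C[i] * x_i[k]
# The complex-conjugate pole pair keeps the impulse response real.
LAM = [0.95 * cmath.exp(0.6j), 0.95 * cmath.exp(-0.6j), 0.5]
B = [1.0, 1.0, 1.0]
C = [0.5, 0.5, 0.2]

def gain(omega):
    """|H(e^{j*omega})| for H(z) = sum_i C[i] * B[i] / (z - LAM[i])."""
    z = cmath.exp(1j * omega)
    return abs(sum(c * b / (z - lam) for lam, b, c in zip(LAM, B, C)))

def hinf_norm(grid=20000):
    """Grid estimate of the peak gain over [0, pi]; returns (norm, omega)."""
    if max(abs(lam) for lam in LAM) >= 1.0:
        raise ValueError("unstable recurrence: H-infinity norm is unbounded")
    omega = max((math.pi * k / grid for k in range(grid + 1)), key=gain)
    return gain(omega), omega

def l2_gain(u):
    """Measured ||y||_2 / ||u||_2 when the SSM runs on u from a zero state."""
    x = [0j] * len(LAM)
    energy_y = 0.0
    for uk in u:
        energy_y += sum(c * xi for c, xi in zip(C, x)).real ** 2
        x = [lam * xi + b * uk for lam, xi, b in zip(LAM, x, B)]
    return math.sqrt(energy_y / sum(uk * uk for uk in u))

def audit(n=4000):
    """Compare measured gains of three constructed inputs with the bound."""
    bound, omega = hinf_norm()
    inputs = {
        "impulse": [1.0] + [0.0] * (n - 1),
        "off-peak sinusoid": [math.cos(2.5 * k) for k in range(n)],
        "peak-frequency sinusoid": [math.cos(omega * k) for k in range(n)],
    }
    return bound, omega, {name: l2_gain(u) for name, u in inputs.items()}

if __name__ == "__main__":
    bound, omega, measured = audit()
    print(f"H-infinity estimate {bound:.2f} at omega = {omega:.3f} rad/sample")
    for name, g in measured.items():
        print(f"{name:>24}: gain {g:.2f} (bound holds: {g <= bound * 1.001})")
```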