COBRA: Catastrophic Bit-flip Reliability Analysis of State-Space Models

State-space models (SSMs), exemplified by the Mamba architecture, have recently emerged as state-of-the-art sequence-modeling frameworks, offering linear-time scalability together with strong performance in long-context settings. Owing to their unique combination of efficiency, scalability, and expressive capacity, SSMs have become compelling alternatives to transformer-based models, which suffer from the quadratic computational and memory costs of attention mechanisms. As SSMs are increasingly deployed in real-world applications, it is critical to assess their susceptibility to both software- and hardware-level threats to ensure secure and reliable operation. Among such threats, hardware-induced bit-flip attacks (BFAs) pose a particularly severe risk by corrupting model parameters through memory faults, thereby undermining model accuracy and functional integrity. To investigate this vulnerability, we introduce RAMBO, the first BFA framework specifically designed to target Mamba-based architectures. Through experiments on the Mamba-1.4b model with LAMBADA benchmark, a cloze-style word-prediction task, we demonstrate that flipping merely a single critical bit can catastrophically reduce accuracy from 74.64% to 0% and increase perplexity from 18.94 to 3.75 x 10^6. These results demonstrate the pronounced fragility of SSMs to adversarial perturbations.

Key Contributions

• COBRA/RAMBO: the first bit-flip attack (BFA) framework specifically designed to target Mamba-based SSM architectures, identifying critical weight bits to flip
• Empirical demonstration that flipping a single bit in Mamba-1.4b catastrophically reduces accuracy from 74.64% to 0% and inflates perplexity from 18.94 to 3.75×10^6 on LAMBADA
• Analysis of pronounced architectural fragility in SSMs to adversarial hardware-level parameter corruption, motivating fault-aware design for SSM deployments

🛡️ Threat Analysis

Details

Similar Papers