CyberIntel News
AI & Machine Learning · Apr 21, 2026

Safety, Security, and Cognitive Risks in State-Space Models: A Systematic Threat Analysis with Spectral, Stateful, and Capacity Attacks

Source: arXiv Security · Archived Apr 21, 2026 · Full text saved




Computer Science > Cryptography and Security
[Submitted on 4 Apr 2026]

Safety, Security, and Cognitive Risks in State-Space Models: A Systematic Threat Analysis with Spectral, Stateful, and Capacity Attacks
Manoj Parmar

Abstract: State-Space Models (SSMs) -- structured SSMs (S4, S4D, DSS, S5), selective SSMs (Mamba, Mamba-2), and hybrid architectures (Jamba) -- are deployed in safety-critical long-context applications: genomic analysis, clinical time-series forecasting, and cybersecurity log processing. Their linear-time scaling is compelling, yet the security properties of their compressed-state recurrent architectures remain unstudied. We present the first systematic treatment of SSM safety, security, and cognitive risks. Seven contributions:
(1) Formal threat framework -- SSM Attack Surface (five layers), State Integrity Violation (StIV), Cross-Context Amplification Ratio $\mathcal{X}_\mathcal{S}$, and a Spectral Sensitivity Proposition grounded in the $H_\infty$ norm.
(2) Three novel attack classes: spectral adversarial attacks (transfer-function gain exploitation), delayed-trigger stateful backdoors (activate thousands of steps after injection), and state capacity saturation (entropy flooding forces silent forgetting).
(3) 14 MITRE ATLAS technique extensions across the full tactic chain.
(4) Six-profile attacker taxonomy with kill chains for genomics, clinical, and cybersecurity domains.
(5) Four cognitive risk hypotheses grounded in state-compression mechanics.
(6) Governance-aligned mitigations mapped to CREST, NIST AI 600-1, and EU AI Act.
(7) Empirical evaluation: targeted genomic injection achieves $\mathrm{StIV}=0.519$ vs. 0.086 random ($6.0\times$, $p<0.001$); PGD state injection achieves $156\times$ output perturbation over random; SSD-structured extraction confirmed at $O(N^2)$ vs. $O(N^3)$ query complexity ($N\times$ speedup).
Validation on pretrained checkpoints is detailed in the Appendix.

Comments: 32 pages, 22 tables, NeurIPS 2026 submission format. Appendix contains theoretical analysis and future experimentation plans.
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Computation and Language (cs.CL); Machine Learning (cs.LG); Optimization and Control (math.OC)
ACM classes: I.2.0; K.6.5; C.2.0
Cite as: arXiv:2604.16424 [cs.CR] (or arXiv:2604.16424v1 [cs.CR] for this version), https://doi.org/10.48550/arXiv.2604.16424
Submission history: From: Manojkumar Parmar. [v1] Sat, 4 Apr 2026 13:08:38 UTC (40 KB)
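The abstract's "spectral adversarial attacks (transfer-function gain exploitation)" and the Spectral Sensitivity Proposition "grounded in the $H_\infty$ norm" rest on a standard control-theory fact: for a linear time-invariant SSM the $\ell_2$ gain from input to output is bounded by the peak of the transfer function $|G(e^{i\omega})|$, and an attacker who places input energy at that peak frequency gets close to the bound, while random input of the same energy gets only the much smaller average (RMS) gain. The following is an added illustration, not code or numbers from the paper: the two-mode toy SSM (real 2x2 rotation blocks standing in for S4D-style conjugate pole pairs), its parameters, and the function names are all constructed here, and nothing below reproduces the paper's StIV metric or its $156\times$ figure.

```python
import cmath
import math
import random

# Constructed toy SSM: two real 2x2 rotation-scaled blocks, each a damped
# oscillatory mode with pole radius r and angle theta (the real-valued
# analogue of an S4D conjugate pair). Each block is (A, B, C).
def make_blocks():
    blocks = []
    for r, theta in ((0.97, 0.3), (0.90, 1.5)):
        a = [[r * math.cos(theta), -r * math.sin(theta)],
             [r * math.sin(theta),  r * math.cos(theta)]]
        blocks.append((a, [1.0, 0.0], [1.0, 0.0]))
    return blocks

def run_ssm(blocks, x):
    """Simulate h_t = A h_{t-1} + B x_t, y_t = sum over blocks of C.h_t, zero initial state."""
    h = [[0.0, 0.0] for _ in blocks]
    y = []
    for xt in x:
        yt = 0.0
        for i, (a, b, c) in enumerate(blocks):
            h0, h1 = h[i]
            n0 = a[0][0] * h0 + a[0][1] * h1 + b[0] * xt
            n1 = a[1][0] * h0 + a[1][1] * h1 + b[1] * xt
            h[i] = [n0, n1]
            yt += c[0] * n0 + c[1] * n1
        y.append(yt)
    return y

def freq_response(blocks, omega):
    """Transfer function G(z) = z C (zI - A)^{-1} B summed over blocks, at z = e^{i omega}."""
    z = cmath.exp(1j * omega)
    g = 0j
    for a, b, c in blocks:
        det = (z - a[0][0]) * (z - a[1][1]) - a[0][1] * a[1][0]
        # (zI - A)^{-1} B via the 2x2 adjugate
        v0 = ((z - a[1][1]) * b[0] + a[0][1] * b[1]) / det
        v1 = (a[1][0] * b[0] + (z - a[0][0]) * b[1]) / det
        g += z * (c[0] * v0 + c[1] * v1)
    return g

def hinf_norm(blocks, grid=1024):
    """Peak gain sup_omega |G(e^{i omega})| on a grid over [0, pi]; returns (gain, omega*)."""
    best = (0.0, 0.0)
    for k in range(grid + 1):
        omega = math.pi * k / grid
        mag = abs(freq_response(blocks, omega))
        if mag > best[0]:
            best = (mag, omega)
    return best

def l2_gain(blocks, x):
    """||y||_2 / ||x||_2 for a finite input; never exceeds the H-infinity norm."""
    y = run_ssm(blocks, x)
    return math.sqrt(sum(v * v for v in y)) / math.sqrt(sum(v * v for v in x))

def spectral_attack(blocks, length=2000, seed=0):
    """Sinusoid at the peak-gain frequency vs. random input of the same length."""
    hinf, omega_star = hinf_norm(blocks)
    adv = [math.cos(omega_star * t) for t in range(length)]
    rng = random.Random(seed)
    rnd = [rng.uniform(-1.0, 1.0) for _ in range(length)]  # constructed baseline input
    return {"hinf": hinf, "omega_star": omega_star,
            "adversarial_gain": l2_gain(blocks, adv),
            "random_gain": l2_gain(blocks, rnd)}

if __name__ == "__main__":
    print(spectral_attack(make_blocks()))
```

The defensive reading is the same as the offensive one: a model owner can compute (or bound) the peak of $|G|$ from the state matrices alone, before any input is seen, and a peak far above the RMS gain means a small, narrow-band perturbation can dominate the output. Selective SSMs such as Mamba are input-dependent, so this bound applies per time step rather than globally; that caveat is mine, not a claim of the paper.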
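The abstract's "state capacity saturation (entropy flooding forces silent forgetting)" is stated only at that level of detail on this page. The mechanism it names can be shown with the simplest state an SSD-style recurrence keeps, a fixed-size matrix that accumulates outer products $v_t k_t^\top$ of each step's value and key: a state of dimension $n$ holds roughly $n$ random pairs, and flooding it with more high-entropy pairs degrades recall of earlier ones without any error signal, since the read-out still returns confident $\pm 1$ bits. This is an added example and not the paper's code, model or StIV metric; the no-decay toy state, the $\pm 1$ encoding, the loads, and the Gaussian crosstalk estimate are assumptions made here.

```python
import math
import random

def store_pairs(keys, values, n):
    """Accumulate S = sum_t v_t k_t^T, the matrix state a linear recurrence with
    B_t = k_t and input v_t holds after the last step. Constructed toy: no decay,
    so the state is a plain sum of outer products and order does not matter."""
    s = [[0.0] * n for _ in range(n)]
    for k, v in zip(keys, values):
        for i in range(n):
            vi = v[i]
            s[i] = [a + vi * b for a, b in zip(s[i], k)]
    return s

def recall(s, key):
    """Read the value stored under `key` as sign(S key). Crosstalk from every
    other stored pair is what flips bits once the state is saturated."""
    return [1 if sum(a * b for a, b in zip(row, key)) >= 0 else -1 for row in s]

def bit_accuracy(a, b):
    return sum(1 for x, y in zip(a, b) if x == y) / len(a)

def expected_accuracy(n, m):
    """Gaussian estimate: signal n against crosstalk of variance (m-1)*n per bit,
    so P(bit correct) = 1 - Q(sqrt(n/(m-1))) with Q the Gaussian tail."""
    if m <= 1:
        return 1.0
    snr = math.sqrt(n / (m - 1))
    return 1.0 - 0.5 * math.erfc(snr / math.sqrt(2.0))

def saturation_curve(n=64, loads=(8, 32, 128, 512), seed=1):
    """Flood an n-dimensional state with M random +-1 key/value pairs (constructed
    high-entropy input) and recall the first pair. Returns {M: fraction of its
    value bits recovered}; 0.5 is chance."""
    rng = random.Random(seed)
    curve = {}
    for m in loads:
        keys = [[rng.choice((-1, 1)) for _ in range(n)] for _ in range(m)]
        vals = [[rng.choice((-1, 1)) for _ in range(n)] for _ in range(m)]
        s = store_pairs(keys, vals, n)
        curve[m] = bit_accuracy(recall(s, keys[0]), vals[0])
    return curve

if __name__ == "__main__":
    for m, acc in saturation_curve().items():
        print(f"load={m:4d} recovered={acc:.3f} expected~{expected_accuracy(64, m):.3f}")
```

Two practitioner notes on the toy. Without decay, every stored pair suffers the same crosstalk, so "the first pair" is just a stand-in for any target; with the decaying state of a real SSM the earliest entries are the first to go. And the only detectable symptom is the recall accuracy itself, which the model never reports, which is the "silent" part: a deployment that wants to notice saturation has to probe it, for example by periodically re-querying a planted canary pair and alerting when its recovered bits drop.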