SpectralGuard: Detecting Memory Collapse Attacks in State Space Models

TL;DR

SpectralGuard is a real-time spectral monitoring tool designed to detect and prevent memory collapse attacks in State Space Models, enhancing their safety and reliability during sequence processing.

Contribution

The paper introduces SpectralGuard, a novel spectral monitoring method that detects memory collapse attacks in SSMs, providing a deployable safety layer with high accuracy.

Findings

SpectralGuard achieves F1=0.961 against non-adaptive attacks.

It maintains F1=0.842 under adaptive attack scenarios.

Spectral monitoring is effective across different SSM architectures.

Abstract

State Space Models (SSMs) such as Mamba achieve linear-time sequence processing through input-dependent recurrence, but this mechanism introduces a critical safety vulnerability. We show that the spectral radius rho(A-bar) of the discretized transition operator governs effective memory horizon: when an adversary drives rho toward zero through gradient-based Hidden State Poisoning, memory collapses from millions of tokens to mere dozens, silently destroying reasoning capacity without triggering output-level alarms. We prove an Evasion Existence Theorem showing that for any output-only defense, adversarial inputs exist that simultaneously induce spectral collapse and evade detection, then introduce SpectralGuard, a real-time monitor that tracks spectral stability across all model layers. SpectralGuard achieves F1=0.961 against non-adaptive attackers and retains F1=0.842 under the strongest adaptive setting, with sub-15ms per-token latency. Causal interventions and cross-architecture transfer to hybrid SSM-Attention systems confirm that spectral monitoring provides a principled, deployable safety layer for recurrent foundation models.