This work systematically evaluates the vulnerability of Mamba-style state space models (SSMs) to hardware-level bit-flip attacks (BFAs). To address this, we propose the first BFA-optimized framework tailored for Mamba architectures, integrating memory fault modeling with gradient-based parameter importance analysis. We conduct targeted single-bit perturbation experiments on the LAMBADA cloze task. Results demonstrate that flipping just one weight bit in the Mamba-1.4b model reduces accuracy from 74.64% to 0% and increases perplexity from 18.94 to 3.75×10⁶—a surge exceeding six orders of magnitude. This study is the first to expose severe reliability vulnerabilities of SSMs under hardware faults, establishing a critical security benchmark for trustworthy AI systems and opening new avenues for hardware-aware robustness mitigation.

State-space models (SSMs), exemplified by the Mamba architecture, have recently emerged as state-of-the-art sequence-modeling frameworks, offering linear-time scalability together with strong performance in long-context settings. Owing to their unique combination of efficiency, scalability, and expressive capacity, SSMs have become compelling alternatives to transformer-based models, which suffer from the quadratic computational and memory costs of attention mechanisms. As SSMs are increasingly deployed in real-world applications, it is critical to assess their susceptibility to both software- and hardware-level threats to ensure secure and reliable operation. Among such threats, hardware-induced bit-flip attacks (BFAs) pose a particularly severe risk by corrupting model parameters through memory faults, thereby undermining model accuracy and functional integrity. To investigate this vulnerability, we introduce RAMBO, the first BFA framework specifically designed to target Mamba-based architectures. Through experiments on the Mamba-1.4b model with LAMBADA benchmark, a cloze-style word-prediction task, we demonstrate that flipping merely a single critical bit can catastrophically reduce accuracy from 74.64% to 0% and increase perplexity from 18.94 to 3.75 x 10^6. These results demonstrate the pronounced fragility of SSMs to adversarial perturbations.