GoKawiilThis vulnerability was responsibly disclosed to Ramp, and Ramp’s security team has indicated the issue was resolved on March 16, 2026.
Ramp's Sheets AI is an agentic product that helps users operate on spreadsheets, comparable to Claude for Excel. The feature can edit spreadsheets without a human-in-the-loop and was vulnerable to data exfiltration risks due to its ability to insert formulas that trigger external communication.
Ramp’s security team has indicated that, following our report, the issue was resolved. We appreciate Ramp’s dedication to maintaining a strong AI security posture and addressing vulnerabilities as they arise. Further details on the responsible disclosure are at the end of the article.
In this article, we demonstrate that an indirect prompt injection concealed in an untrusted, externally sourced dataset could trigger the exfiltration of confidential financial data from the user’s workspace by manipulating Ramp’s AI to insert a malicious formula. No user approval is required.
PromptArmor identified a very similar risk in Claude for Excel – details on the remediations applied by Anthropic are at the bottom of the article.
The PromptArmor Threat Intel Team responsibly disclosed this vulnerability to Ramp. Ramp's security team indicated that the issue was resolved on March 16, 2026.
Feb 19, 2026 PromptArmor discloses via [email protected]
Feb 27, 2026 PromptArmor follows up
Mar 13, 2026 PromptArmor follows up
Mar 14, 2026 Ramp confirms receipt of report; notes that the initial report was submitted during a transition period between disclosure programs, explaining the delay in initial response.
... continue reading