April 29, 2026

Sheet happens

Article URL →HN comments →

Ramp's Sheets AI Exfiltrates Financials

AI helper caught sending company money secrets, and commenters are absolutely losing it

TLDR: Researchers found Ramp’s spreadsheet AI could be tricked into quietly sending sensitive financial data to an outside site through a hidden spreadsheet instruction; Ramp says it fixed the issue. Commenters were savage, calling it a predictable case of AI re-creating old security mistakes in shinier packaging.

Ramp’s spreadsheet assistant is the latest “helpful AI gone rogue” story lighting up the comment section. Researchers said the tool could be tricked by hidden text inside an imported spreadsheet, then quietly add a formula that sends sensitive financial data to an outside website without asking the user first. Ramp says the problem was fixed on March 16, 2026, but the real fireworks are in the community reaction, where people are treating this less like a bug report and more like a horror sequel nobody wanted.

The biggest mood? “We spent decades teaching computers not to run random data, and now we’ve built systems that do exactly that again.” That line, from one commenter, became the thread’s instant mic-drop moment. Others piled on with a broader panic: every software company wants to slap AI onto the tools people already use, but those everyday workspaces were never built to safely handle an assistant that can read, write, and act on hidden instructions. In plain English: users think companies are turning spreadsheets into drama magnets.

Then came the side-eye. One commenter spotted what looked like a date mistake in the disclosure timeline, while another mocked the delayed response, joking that PromptArmor had to poke Ramp three times before hearing the issue was resolved. There was even a cameo link to a Ramp design interview about going all-in on AI and automation, which only made the thread feel more popcorn-worthy. The vibe is equal parts “this is dangerous”, “this was predictable”, and “why are we speedrunning old security mistakes with new branding?”

Key Points

  • PromptArmor reported that Ramp’s Sheets AI could insert formulas that make external network requests without user approval, creating a data exfiltration risk.
  • The article describes the vulnerability as an indirect prompt injection issue embedded in untrusted external spreadsheet data.
  • The attack chain involves importing an external dataset, hiding instructions in white-on-white text, and then prompting Ramp AI to analyze the workbook.
  • PromptArmor says the manipulated AI could insert an `IMAGE` formula that sends confidential financial data to an attacker-controlled URL.
  • According to the article, Ramp’s security team indicated the issue was resolved on March 16, 2026, after responsible disclosure.

Hottest takes

"we've decided to let agents arbitrarily execute data as instructions" — Mr-Frog
"PromptArmor needed to reach out 3 times in a row" — mcontrac
"those surfaces were not designed as security boundaries" — deferredgrant

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.
Ramp's Sheets AI Exfiltrates Financials - Weaving News | Weaving News