Ramp's Sheets AI Exfiltrates Financials
takira
125 points
39 comments
April 29, 2026
Discussion Highlights (8 comments)
renewiltord
So we know Claude’s mitigation. What is Ramp’s? Same warning dialog? It’s funny that this technology only admits in-band signaling. Given that, any foreign content is risky. It’s actually quite interesting that the current technological ecosystem is built around a high trust situation: npm, pip, cargo all run foreign code in the developer context and communities have norms of downloading random people’s modules. And so I suppose it’s no surprise that we use LLMs - another tech that is high-trust: since it has no out of band signaling ability. But it seems like we’re very close to the end of the era where someone will use (in a sensitive system) arbitrary web content carrying the equivalent of merged code/data.
carlyai
"The PromptArmor Threat Intel Team responsibly disclosed this vulnerability to Ramp. Ramp's security team indicated that the issue was resolved on May 16, 2026." I think they mean March here
Mr-Frog
It's kinda awesome that after decades of software and hardware advancements to prevent computers from arbitrarily executing data as instructions, we've decided to let agents arbitrarily execute data as instructions.
bpt3
What about this is a vulnerability, let alone one that requires responsible disclosure? Untrusted data sources can provide data that causes bad things to occur. If that's a vulnerability, then any application that ingests data is riddled with vulnerabilities. I agree that the behavior should change from a default of allowing external network requests to denying them, but this "report" reads like overly dramatic marketing BS.
mcontrac
Find it funny that PromptArmor needed to reach out 3 times in a row to get a nearly month-late response that the issue "was resolved"
ragall
I once read about the signalling view of advertising, meaning it's used to show that a company is so prosperous that it can afford spending a lot of money on advertising. In the same way, I think from now on, as much as possible, I'll only buy from companies that will publicly make it a point not to use AI internally. AI use should brand companies as desperate and unreliable.
pentagrama
Coincidentally, today I was watching an interview with a lead designer from Ramp who is talking about how they are full AI, agents and automation https://youtu.be/KPDXMtmkcgk
sergiomattei
Why is Ramp even building a sheets product? That's the question zero that popped into my head.