A security researcher has demonstrated that Ramp's AI-powered financial assistant, SheetsAI, is vulnerable to prompt injection attacks, potentially allowing attackers to exfiltrate sensitive financial data. The exploit, shared in a recent YouTube Shorts video, shows how a single crafted prompt can bypass the AI's guardrails and extract financial information.
"One prompt injection = full financial exfiltration. #Ramp's AI agent had zero guardrails."
The video highlights that the AI agent lacked proper security measures, making it possible for attackers to manipulate the system into leaking confidential financial records. This incident underscores the growing risks associated with deploying AI agents without robust security protocols.
Ramp, a corporate spend management platform, has not yet officially responded to the disclosure. The vulnerability raises concerns about the safety of AI-driven financial tools and the need for stricter security standards in fintech AI applications.