Ramp's AI-powered Sheets tool exposed sensitive financial information through unintended data exfiltration. The vulnerability allowed unauthorized access to confidential business records.
Security researchers identified a flaw in Ramp's Sheets AI feature that inadvertently leaked financial data from user accounts. The issue stemmed from inadequate data isolation in the AI processing pipeline, enabling information to be extracted beyond intended scope.
Ramp, a corporate spend management platform, integrates AI capabilities to analyze and organize financial spreadsheets. The vulnerability affected users' sensitive financial records, including transaction data and account details.
The discovery was documented in a detailed analysis by PromptArmor, a security research firm specializing in AI vulnerabilities. The report outlines how the exfiltration occurred and the potential exposure window.
Ramp has not yet issued a public statement regarding the incident or confirmation of when the vulnerability was discovered and patched. Users of the platform's AI features should review their account activity and financial data access logs.
The incident highlights ongoing security concerns surrounding AI integration in fintech platforms and the importance of rigorous data isolation protocols.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.
Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.
Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.