Ramp's Sheets AI contained a vulnerability enabling indirect prompt injection from untrusted external datasets, allowing the AI to insert malicious IMAGE formulas that exfiltrate confidential financial data via network requests without user approval.

The attack chain involves opening a financial model workbook, importing a tainted dataset with hidden white-on-white prompts, and querying the AI for analysis, which triggers data theft to an attacker's server. PromptArmor responsibly disclosed the issue on February 19, 2026, and Ramp resolved it on March 16, 2026.