Ramp Sheets AI Vulnerability Leaks Data for 25 Days Before March 16 Fix

PromptArmor disclosed the Ramp Sheets AI vulnerability on February 19, 2026. Crafted prompts exfiltrated sensitive financial data from spreadsheets. Ramp patched it on March 16, 2026, after 25 days and follow-ups on February 27, March 13, and March 14. Nigerian fintechs now audit AI tools under CBN guidelines.

PromptArmor's Threat Intel Team reported responsibly to security@ramp.com. PromptArmor detailed the flaw.

Ramp Sheets AI Manages Financial Spreadsheets in Volatile Markets

Ramp delivers corporate spend management software. Sheets AI processes spreadsheets with financial datasets. Nigerian developers integrate it for ledger reconciliation amid NGN-USD volatility and CBN forex restrictions.

Flutterwave and Paystack deploy similar AI for payment interoperability. The Ramp Sheets AI vulnerability stemmed from prompt mishandling. It routed data to unauthorized endpoints, PromptArmor's analysis showed.

Nigerian fintechs process 1.2 billion transactions monthly (CBN 2024 report). Power outages average 18 hours daily in Lagos (NERC Q1 2025). These tools streamline operations despite infrastructure gaps.

Crafted Prompts Trigger Ramp Sheets AI Data Exfiltration

Sheets AI generates insights from user prompts. PromptArmor crafted inputs that bypassed safeguards. The flaw leaked records beyond spreadsheet cells.

Ramp's security team responded: “Thank you again for your report. This issue was resolved earlier today at approximately noon eastern time.” They deployed the patch after March 14 confirmation.

Leaks risked exposing merchant logs or investor decks worth millions in NGN. National Bureau of Statistics (NBS) reports 34.2% inflation in June 2025 amplified ledger discrepancies. Claude for Excel provides alternatives, but OWASP flags prompt risks.

Nigerian Fintechs Face AI Security Risks Under NDPR

Lagos startups at CcHUB use AI spreadsheets for cost modeling. Diesel generators power 70% of operations (Lagos State data 2024). The Ramp Sheets AI vulnerability violated NDPR data protection rules.

Mobile money firms handle BVN-linked accounts. CBN sandbox participants use AI for fraud detection. Flaws erode trust. Founders comply with NITDA data localization mandates.

OWASP AI Security Guide lists prompt injection as the top AI threat. This matches the Ramp incident.

Nigeria's Ecosystem Heightens Ramp Sheets AI Vulnerability Impact

GSMA reports 55% unique mobile penetration in Nigeria (2024). Startups channel USSD payments into cloud analytics. Data leaks erode Abuja VC confidence.

Briter Bridges tracked $1.2 billion in Nigerian fintech funding for 2023. Paystack enforces rigorous API security. African peers lag in bug bounty programs.

PromptArmor sets diaspora benchmarks. NITDA's AI strategy requires local controls despite global tool dominance. Anthropic documentation outlines safer Claude integrations.

Nigerian developers adapt prompts for real-time NGN conversions. Kenya's Safaricom AI tools face similar M-Pesa data risks under CBK rules.

CBN and NITDA Escalate Oversight After Ramp Sheets AI Flaw

CBN mandates payment interoperability. AI leaks threaten compliance. NITDA enforces NDPR fines up to 2% of annual turnover (NDPR 2019).

NITDA National AI Policy stresses ethical AI. Startups shift to open-source LibreOffice ML plugins. Ramp's fix prompts vendor audits.

Moniepoint and OPay, Nigeria's top fintechs, now vet AI integrations. Lagos hubs like AltSchool Africa train secure prompting per OWASP standards.

South Africa's FSCA imposes stricter AI audits post-similar incidents. Pan-African regulators align on data sovereignty.

The Ramp Sheets AI vulnerability accelerates cautious AI adoption. Nigeria's $5 billion fintech sector (Disrupt Africa 2024) prioritizes secure innovation amid regulatory pressures.