The real issue for fintech specifically is that exfiltrating financial data is a much bigger deal than leaking your todo list. Ramp handles corporate spend data. That is the last place you want prompt injection to be a known risk for months.