Ghosted by Grafana [Research S... Note

Ghosted by Grafana [Research Saturday]

Today we are joined by ⁠Sasi Levi⁠, Security Research Lead at ⁠Noma Security⁠, sharing their team's work on "GrafanaGhost: The Phantom Stealing Your Data." Researchers at Noma Security disclosed “GrafanaGhost,” a vulnerability that could allow attackers to silently exfiltrate sensitive business data from Grafana dashboards using indirect prompt injection techniques. The attack chains together multiple bypasses, including protocol-relative URLs and AI guardrail manipulation, to trick Grafana into sending sensitive data to attacker-controlled servers without requiring user interaction. Researchers say the flaw highlights growing risks tied to AI-integrated enterprise platforms, where attackers increasingly target AI behavior and weak security controls instead of traditional software bugs.The research and executive brief can be found here:⁠GrafanaGhost: The Phantom Stealing Your Data⁠
CdXz5zHNQW_5JdePKbGos.jpeg