A newly identified critical vulnerability dubbed GrafanaGhost has been used by attackers to silently extract sensitive enterprise data from Grafana environments, according to Noma's Threat Research Team. The exploit bypasses client-side protections and AI guardrails, enabling unauthorized data transfers to external servers without requiring user interaction or login credentials.
Grafana, widely used for monitoring and analytics, often stores highly sensitive information including financial metrics, infrastructure health data and customer records, making it an attractive target for attackers seeking valuable operational insights. GrafanaGhost operates by chaining together multiple weaknesses in both application logic and AI behaviour, with attackers manipulating how Grafana processes inputs and using indirect prompt injection to render hidden instructions.
The findings highlight a broader shift in cybersecurity risks as attackers focus on AI-driven systems and indirect prompt injection techniques, rather than traditional software flaws. Security teams are urged to move beyond application-layer toggles to network-level URL blocking and to treat prompt injection as a primary threat rather than an edge case.