Episode Details
Back to Episodes![Ghosted by Grafana [Research Saturday]](https://megaphone.imgix.net/podcasts/39b4c002-5601-11f1-b164-0fe7ef35bb1e/image/95b72a93c2ffaf8ff900d662a9bd3735.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
Ghosted by Grafana [Research Saturday]
Description
Today we are joined by Sasi Levi, Security Research Lead at Noma Security, sharing their team's work on "GrafanaGhost: The Phantom Stealing Your Data." Researchers at Noma Security disclosed “GrafanaGhost,” a vulnerability that could allow attackers to silently exfiltrate sensitive business data from Grafana dashboards using indirect prompt injection techniques.
The attack chains together multiple bypasses, including protocol-relative URLs and AI guardrail manipulation, to trick Grafana into sending sensitive data to attacker-controlled servers without requiring user interaction. Researchers say the flaw highlights growing risks tied to AI-integrated enterprise platforms, where attackers increasingly target AI behavior and weak security controls instead of traditional software bugs.
The research and executive brief can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices