Ghosted by Grafana

Ghosted by Grafana

From Research Saturday by N2K Networks

May 23, 2026 · 26 min · Season 10 · Episode 426

About this episode

The episode discusses a vulnerability in Grafana that allows attackers to exfiltrate sensitive data using indirect prompt injection techniques.

Today we are joined by ⁠Sasi Levi⁠, Security Research Lead at ⁠Noma Security⁠, sharing their team's work on "GrafanaGhost: The Phantom Stealing Your Data." Researchers at Noma Security disclosed “GrafanaGhost,” a vulnerability that could allow attackers to silently exfiltrate sensitive business data from Grafana dashboards using indirect prompt injection techniques. The attack chains together multiple bypasses, including protocol-relative URLs and AI guardrail manipulation, to trick Grafana into sending sensitive data to attacker-controlled servers without requiring user interaction. Researchers say the flaw highlights growing risks tied to AI-integrated enterprise platforms, where attackers increasingly target AI behavior and weak security controls instead of traditional software bugs. The research and executive brief can be found here: ⁠GrafanaGhost: The Phantom Stealing Your Data⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

People in this episode

Guest: Sasi Levi

Topics covered

  • vulnerability
  • data exfiltration
  • AI security
  • Grafana
  • indirect prompt injection
  • enterprise platforms

Keywords

  • Grafana
  • vulnerability
  • data exfiltration
  • AI
  • security
  • Noma Security
  • GrafanaGhost

Mentioned in this episode

Organizations: Noma Security, Grafana

Books & works: GrafanaGhost: The Phantom Stealing Your Data

More episodes of Research Saturday

Explore listener stats, chart rankings, contacts and more on the Research Saturday podcast page.