A vulnerability called GrafanaGhost allows attackers to quietly extract sensitive data from Grafana environments without user interaction or traditional compromise techniques.
Discovered by researchers at Noma Security, the flaw highlights how AI-driven features can introduce new, difficult-to-detect attack paths in widely used platforms.
“Treat AI assistants and agents as a new, first-class attack surface. The threat model must explicitly cover indirect prompt injection, tool calling, retrieval behavior, and cross-system data movement — not just model jailbreaks or classic web vulns,” said Gidi Cohen, CEO & Co-founder at Bonfy AI in an email to eSecurityPlanet.
Read the rest of the article here: https://www.esecurityplanet.com/threats/grafanaghost-flaw-allows-silent-data-exfiltration/