GrafanaGhost: Prompt Injection Turns Dashboards Into Spy Tools
·1791 words·9 mins
Noma Security’s GrafanaGhost disclosure reveals how indirect prompt injection in Grafana’s AI assistant can silently steal financial metrics, infrastructure data, and customer information — without authentication. Here’s what happened, how it works, and what to do about it.