TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Application Security Grafana Patches AI Bug That Could Have Leaked User Data Grafana Patches AI Bug That Could Have Leaked User Data by Alexander Culafi Apr 7, 2026 3 Min Read Application Security AI-Assisted Supply Chain Attack Targets GitHub AI-Assisted Supply Chain Attack Targets GitHub by Jai Vijayan Apr 6, 2026 3 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America Recent in World See All Application Security Real-Time Banking Trojan Strikes Brazil's Pix Users Real-Time Banking Trojan Strikes Brazil's Pix Users by Alexander Culafi Mar 13, 2026 4 Min Read Threat Intelligence Iran's Cyber-Kinetic War Doctrine Takes Shape Iran's Cyber-Kinetic War Doctrine Takes Shape by Alexander Culafi Mar 6, 2026 4 Min Read The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Application Security Threat Intelligence Сloud Security Data Privacy News Grafana Patches AI Bug That Could Have Leaked User Data By hiding malicious instructions on an attacker-controlled Web page, AI could ingest orders as benign and return sensitive data to the attacker's server. Alexander Culafi , Senior News Writer , Dark Reading April 7, 2026 3 Min Read Source: GK Images via Alamy Stock Photo An issue with observability platform Grafana would have enabled attackers to trick its AI capabilities into leaking sensitive data. Grafana is a popular observability platform used to compile and track business data tied to finances, telemetry, operations, infrastructure, customer, and more. Because the platform's nature inherently connects it to the center of an organization's most valuable information, compromising a Grafana instance could prove devastating. AI security vendor Noma today published research concerning "GrafanaGhost," an indirect prompt injection attack researchers discovered that could allow a threat actor to exfiltrate data. The attack leans on how Grafana's AI components process information. In short, an attacker would hide malicious instructions on a Web page they control, and through trickery in terms of how the instructions are presented, the AI ingests the orders as benign and inadvertently sends requested sensitive data back to an attacker-controlled server. Related: AI-Assisted Supply Chain Attack Targets GitHub The user of Grafana's AI assistant would access an attacker-crafted URL path and Grafana would ingest the prompt as soon as a malicious image file began to load. The core technical issue enabling GrafanaGhost has been patched. How GrafanaGhost Works The prompt injection resulted from Noma wanting to know where a user could potentially interact with Grafana's AI components, as anything user-facing is an opportunity for a prompt injection attack. After some troubleshooting, Noma found where indirect prompts are processed and identified image tags as a viable avenue for making a malicious command. Although external images have protections on them to prevent attacks like this, researchers managed to bypass said protections by using protocol-relative URLs to circumvent domain validation and the "INTENT" keyword to disable AI model guardrails, which at the time caused Grafana to inadvertently see an external prompt as benign. With the right setup, data is exfiltrated with the victim unaware as soon as the image starts being rendered. As Sasi Levi, security research lead at Noma Security, tells Dark Reading, this doesn't necessarily require getting a defender to click a link that loads a malicious page. "[The attacker needs] to get their indirect prompt stored in a location that Grafana's AI components will later retrieve and process," he says. "Once that payload is sitting in the data store, it waits and fires automatically when any user performs a normal interaction with their Grafana instance (like browsing entry logs). The user is the unwitting trigger, not the target of a phishing attempt. That's what makes it so stealthy." Related: OWASP GenAI Security Project Gets Update, New Tools Matrix Noma praised Grafana for its response. After Noma followed responsible disclosure protocols, Grafana "jumped on the issue immediately, worked closely with us to validate the findings, and rolled out a fix as fast as possible to secure their users." Grafana Responds to GrafanaGhost Grafana Labs chief information security officer (CISO) Joe McManus tells Dark Reading in an email that Noma's research highlighted an issue with Grafana's image renderer in its Markdown component, which was "quickly patched." However, the company disputes the claim that the attack constitutes "zero-click," as Noma described it, or that it could operate silently and autonomously in the background. "Any successful execution of this exploit would have required significant user interaction — specifically, the end user would have to repeatedly instruct our AI assistant to follow malicious instructions contained in logs, even after the AI assistant made the user aware of the malicious instructions," McManus says. "We emphasize that there is no evidence of this bug having been exploited in the wild, and no data was leaked from Grafana Cloud." Related: Claude Source Code Leak Highlights Big Supply Chain Missteps Dark Reading has contacted Noma Security for a response. About the Author Alexander Culafi Senior News Writer, Dark Reading Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels. See more from Alexander Culafi Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports AI SOC for MDR: The Structural Evolution of Managed Detection and Response How Enterprises Are Developing Secure Applications Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Gartner IGA Voice of the Customer 2026 Access More Research Webinars Identity Maturity Under Pressure: 2026 Findings and How to Catch Up Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN More Webinars Editor's Choice Cybersecurity Operations RSAC 2026: AI Dominates, But Community Remains Key to Security RSAC 2026: AI Dominates, But Community Remains Key to Security by Kristina Beek , Rob Wright Apr 2, 2026 Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks Threat Intelligence Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats Jan 2, 2026 Cyber Risk Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult Jan 12, 2026 | 7 Min Read Endpoint Security CISOs Face a Tighter Insurance Market in 2026 Jan 5, 2026 | 7 Min Read Threat Intelligence 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child Jan 30, 2026 | 8 Min Read Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. Subscribe Webinars Identity Maturity Under Pressure: 2026 Findings and How to Catch Up Wed, May 6,2026 at 1pm EST Building a Robust SOC in a Post-AI World Thurs, March 19, 2026 at 1pm EST Retail Security: Protecting Customer Data and Payment Systems Thurs, April 2, 2026 at 1pm EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Wed, April 1, 2026 at 1pm EST Securing Remote and Hybrid Work Forecast: Beyond the VPN Tues, March 10, 2026 at 1pm EST More Webinars White Papers How Sunrun Transformed Security Operations with AiStrike Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity Explore More White Papers Black Hat Asia | Marina Bay Sands, Singapore Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three powe