
Zero‑click Grafana AI attack can enable enterprise data exfiltration
Indirect prompt injection is possible on AI-powered dashboards, allowing exfiltration of sensitive enterprise data without user authentication.

Security researchers are warning about a critical Grafana issue, dubbed GrafanaGhost, that allows attackers to leak sensitive data from Grafana environments, including financial metrics, infrastructure health data, private customer data, and operational logs. Noma Security disclosed the flaw to the Grafana team, which reportedly validated it and rolled out a fix. Grafana did not immediately respond to CSO’s request for comment.

Grafana is a widely used open-source data visualization and observability platform that enables organiz...