%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
Safety company Noma recently released a research report, revealing a security vulnerability named "GrafanaGhost" in the AI assistant feature of the open-source monitoring and data visualization platform Grafana. This vulnerability allows hackers to use "indirect prompt injection" to trick the AI assistant into leaking sensitive corporate data to an external server.
"Indirect Prompt Injection": Covert Data Theft
According to researchers, Grafana's built-in AI assistant allows users to query and analyze monitoring data through natural language. However, hackers can embed malicious instructions in external web pages that Grafana can access.
When the AI assistant parses this contaminated content, it may be misled into bypassing existing security mechanisms and triggering external requests. Sensitive information is sent to a hacker-controlled server in the form of URL parameters. Since the entire process does not generate obvious error messages, ordinary users often fail to detect the anomaly.
Official Response: Non-zero-click Vulnerability, Now Fixed
Regarding this vulnerability, Joe McManus, Chief Security Officer at Grafana Labs, stated that the company quickly fixed the issue after being notified. He also emphasized the limitations of the vulnerability:
Non-automated Attack: This vulnerability is not classified as a "zero-click" or "self-propagating" attack.
Access Requirement: Hackers need to first gain access to the user's device before they can interact with the AI assistant.
Multiple Triggers: Achieving malicious operations typically requires multiple interactions, not a single action.
Grafana Labs further stated that there is currently no evidence that the vulnerability has been exploited, and no data breaches have been found in its cloud service (Grafana Cloud). The official urged users not to be overly concerned and recommended keeping an eye on and updating to the fixed secure version to ensure the security of the monitoring environment.