Asana warns MCP AI feature exposed customer data to other orgs

Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially exposed data from their instances to other users, and vice versa.

The exposure was caused by a logic flaw in the MCP system, not by a hack, but the risk arising from the incident could still be significant in some cases.

Asana is a project and task management SaaS platform that organizations use to plan, track, and manage work, assign tasks to team members, set deadlines, and collaborate from a centralized interface.

As of last year, the platform had over 130,000 paying customers and millions of free-tier users across 190 countries.

On May 1, 2025, Asana launched the MCP server feature with large language model (LLM) integration, enabling AI-powered capabilities such as summarization, smart replies, natural language queries, and more.

However, a software bug in the MCP server exposed data from Asana instances to other MCP users, with the exposed data limited to each user's access scope.


This means that organizations did not have their entire Asana workspace leaked to the public. However, users at other companies with access to MCP may have seen certain data from another domain, including chatbot-generated queries.

Depending on the integration type and how the chatbots were used, the exposed data could include task-level information, project metadata, team details, comments and discussions, and any uploaded files.
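Asana has not disclosed the root cause, so the following is an added illustration of the bug class the incident fits, not Asana's code: an MCP-style tool handler that resolves a record by identifier without binding the lookup to the caller's own workspace, beside a handler that scopes the lookup to the caller's workspace and permissions. The `Task`, `Caller` and `TASKS` names and the sample workspaces are constructed for this example.

```python
"""Illustrative cross-tenant authorization check for an MCP-style tool server.

Constructed example, not Asana's implementation. It shows the general class
of logic flaw behind cross-organization exposure: a tool that looks up a
record by id and returns it to any authenticated caller, versus one that
requires the record to belong to the caller's workspace and permissions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Task:
    task_id: str
    workspace_id: str
    title: str
    notes: str


@dataclass(frozen=True)
class Caller:
    user_id: str
    workspace_id: str
    readable_task_ids: frozenset  # ids this user may read inside their own workspace


class NotAuthorized(Exception):
    pass


# Constructed sample data: two workspaces belonging to two different organizations.
TASKS = {
    "t-100": Task("t-100", "ws-acme", "Q3 roadmap", "pricing changes under NDA"),
    "t-200": Task("t-200", "ws-globex", "Vendor review", "contract renewal terms"),
}


def get_task_vulnerable(caller: Caller, task_id: str) -> Task:
    """Logic flaw: trusts the identifier and never compares workspaces.

    Any authenticated MCP user who learns or guesses another organization's
    task id is handed that organization's data.
    """
    return TASKS[task_id]


def get_task_hardened(caller: Caller, task_id: str) -> Task:
    """Scoped lookup: the record must sit in the caller's workspace AND be
    within the caller's own read permissions.

    Both failures raise the same generic error so the response does not
    confirm that the id exists in some other tenant.
    """
    task = TASKS.get(task_id)
    if task is None or task.workspace_id != caller.workspace_id:
        raise NotAuthorized("task not found")
    if task.task_id not in caller.readable_task_ids:
        raise NotAuthorized("task not found")
    return task


def cross_tenant_leak(handler, caller: Caller, task_id: str) -> bool:
    """Return True if `handler` gives `caller` a record from another workspace.

    Useful as a regression test: run it against every tool handler with a
    caller from one workspace and ids from another.
    """
    try:
        task = handler(caller, task_id)
    except (NotAuthorized, KeyError):
        return False
    return task.workspace_id != caller.workspace_id


if __name__ == "__main__":
    alice = Caller("u-1", "ws-acme", frozenset({"t-100"}))
    print("vulnerable leaks:", cross_tenant_leak(get_task_vulnerable, alice, "t-200"))
    print("hardened leaks:  ", cross_tenant_leak(get_task_hardened, alice, "t-200"))
```

The point of the `cross_tenant_leak` probe is that the check belongs in the server's authorization layer, not in the LLM prompt: a model that is told "only answer about your own workspace" is not a tenant boundary, and the tool it calls must enforce the boundary itself.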

Asana discovered the logic flaw that created this exposure on June 4, so the cross-organization data leaks went on for over a month.

Given the central role Asana plays within organizations, it is possible that these leaks contained sensitive information that could create privacy and even regulatory complications for impacted entities.

For this reason, admins are advised to review Asana logs for MCP access, review generated AI summaries or answers, and report immediately if they see data that appears to have been pulled from another organization.


LLM integration should be set to restricted access, and auto-reconnections and bot pipelines should be paused until trust has been re-established and no residual exposure risk remains.

Asana sent notices with links to communication forms to each impacted organization but has not issued a public statement about the incident.

UpGuard, which informed BleepingComputer about the issue, shared more details on its own blog, along with advice for potentially impacted users.

BleepingComputer contacted Asana to ask about the scope of the exposure and the number of affected organizations and users, and a spokesperson told us the incident impacts approximately 1,000 customers.

In the meantime, the MCP server was taken offline, but Asana's status page indicates that it returned to normal operational status as planned on June 17, 17:00 UTC.
