Saturday, June 28, 2025

Asana warns MCP AI feature exposed customer data to other orgs


Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially exposed data from their instances to other users, and vice versa.

The data exposure was caused by a logic flaw in the MCP system and was not the result of a hack, but the risk arising from the incident may still be significant in some cases.

Asana is a project and task management SaaS platform used by organizations to plan, track, and manage work, assign tasks to team members, set deadlines, and collaborate from a centralized interface.

As of last year, the platform had over 130,000 paying customers and millions of free-tier users across 190 countries.

On May 1, 2025, Asana launched the MCP server feature with large language model (LLM) integration, enabling AI-powered capabilities such as summarization, smart replies, natural language queries, and more.

However, a software bug in the MCP server exposed data from Asana instances to other MCP users, with the type of data exposed limited by each user's access scope.

This means that organizations did not have their entire Asana workspace leaked to the public. However, users at other companies with access to MCP may have seen certain data from another domain, including chatbot-generated queries.

Depending on the integration type and how the chatbots were used, the exposed data could include task-level information, project metadata, team details, comments and discussions, and any uploaded files.

Asana discovered the logic flaw behind this exposure on June 4, so these cross-organization data leaks were possible for over a month.

Given the central role Asana plays within organizations, it is possible that these leaks contained sensitive information that could create privacy or even regulatory complications for impacted entities.

As a result, admins are advised to review Asana logs for MCP access, review generated AI summaries or answers, and report it immediately if they see data that appears to have been pulled from another organization.

LLM integration should be set to restricted access, and auto-reconnections and bot pipelines should be paused until trust has been re-established and there are no residual exposure risks.
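As an added illustration of the log review suggested above (example code written for this article, not Asana's tooling or UpGuard's advice; the JSON-lines record schema, the field names and the sample records are all constructed assumptions, not Asana's real log format), the following script flags MCP tool calls where the caller's organization differs from the organization that owns the returned resource, which is the signature of a cross-tenant read:

```python
"""Cross-tenant access check over MCP audit records.

Added example for this article; it is not Asana's code, and the record
schema below is an assumption rather than Asana's real log format. The
idea is the one an admin would apply when reviewing MCP access logs:
each tool call carries the caller's organization and the organization
that owns the returned resource, and any mismatch is a foreign read.
"""
import json
from collections import Counter

# Constructed sample records (JSON lines). Field names are assumptions.
SAMPLE_LOGS = """\
{"ts": "2025-05-20T10:00:00Z", "tool": "get_task", "caller_org": "org_A", "caller_user": "alice", "resource_org": "org_A", "resource_gid": "task_101"}
{"ts": "2025-05-20T10:00:05Z", "tool": "search_projects", "caller_org": "org_A", "caller_user": "alice", "resource_org": "org_B", "resource_gid": "proj_7"}
{"ts": "2025-05-20T10:00:09Z", "tool": "summarize_task", "caller_org": "org_B", "caller_user": "bob", "resource_org": "org_B", "resource_gid": "task_300"}
{"ts": "2025-05-20T10:00:12Z", "tool": "get_task", "caller_org": "org_C", "caller_user": "carol", "resource_org": "org_A", "resource_gid": "task_102"}
{"ts": "2025-05-20T10:00:15Z", "tool": "list_teams", "caller_org": "org_C", "caller_user": "carol"}
this line is not JSON and must not abort the review
"""


def parse_events(text):
    """Parse JSON-lines audit text; keep malformed lines as unparsed markers."""
    events = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = {"_unparsed": line, "_line": lineno}
        events.append(event)
    return events


def find_cross_org_access(events):
    """Return (findings, incomplete).

    findings: records where the caller's org differs from the resource's org.
    incomplete: records missing either org field. These are reported rather
    than silently passed, because a missing owner field is exactly the kind
    of gap that hides a tenant-isolation bug.
    """
    findings = []
    incomplete = []
    for event in events:
        if "_unparsed" in event:
            continue
        caller_org = event.get("caller_org")
        resource_org = event.get("resource_org")
        if caller_org is None or resource_org is None:
            incomplete.append(event)
            continue
        if caller_org != resource_org:
            findings.append({
                "ts": event.get("ts"),
                "tool": event.get("tool"),
                "caller": f"{caller_org}/{event.get('caller_user')}",
                "owner_org": resource_org,
                "resource_gid": event.get("resource_gid"),
            })
    return findings, incomplete


def count_by_owner_org(findings):
    """Count how many foreign reads hit each organization's data."""
    return Counter(f["owner_org"] for f in findings)


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOGS)
    findings, incomplete = find_cross_org_access(events)
    for f in findings:
        print(f"CROSS-ORG {f['ts']} {f['tool']} caller={f['caller']} "
              f"read {f['resource_gid']} owned by {f['owner_org']}")
    print("incomplete records:", len(incomplete))
    print("foreign reads per owner org:", dict(count_by_owner_org(findings)))
```

On the constructed sample this reports two foreign reads (org_A reading a project owned by org_B, and org_C reading a task owned by org_A) and one incomplete record. Against real logs the point is the same: the check needs both the caller's tenant and the owner's tenant on every record, and records lacking the owner field deserve as much attention as the mismatches.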

Asana sent notices with links to communication forms to each impacted organization but has not issued a public statement about the incident.

UpGuard, who informed BleepingComputer about the issue, shared more details on its own blog, along with advice for potentially impacted users.

BleepingComputer has contacted Asana to ask about the scope of the exposure and the number of affected organizations/users, and a spokesperson told us the incident impacts roughly 1,000 customers.

In the meantime, the MCP server was taken offline, but Asana's status page indicates that it returned to normal operational status as planned on June 17, 17:00 UTC.

