Work management platform Asana is warning customers of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa.
The data exposure was due to a logic flaw in the MCP system and not the result of a hack, but the risk that arises from the incident could still be significant in some cases.
Asana is a project and task management SaaS platform used by organizations to plan, track, and manage work, assign tasks to team members, set deadlines, and collaborate from a centralized interface.
As of last year, the platform had over 130,000 paying customers and millions of free-tier users across 190 countries.
On May 1, 2025, Asana launched the MCP server feature with large language model (LLM) integration, enabling AI-powered capabilities such as summarization, smart replies, natural language queries, and more.
However, a software bug in the MCP server exposed data from Asana instances to other MCP users, with the type of data exposed limited to each user's own access scope.
This means that organizations did not have their entire Asana workspace leaked to the public. However, other companies' users with access to MCP may have seen certain data from another domain, including chatbot-generated queries.
Depending on the integration type and how users engaged with the chatbots, the exposed data could include task-level information, project metadata, team details, comments and discussions, and any uploaded files.
Asana discovered the logic flaw that created this exposure on June 4, so these cross-organization data leaks were possible for over a month.
Given the functional role Asana plays within organizations, it is possible that these leaks contained sensitive information that could create privacy or even regulatory complexities for impacted entities.
For this reason, it is recommended that admins review Asana logs for MCP access, review generated AI summaries or answers, and report it immediately if they see data that appears to have been pulled from another organization.
LLM integration should be set to restricted access, and auto-reconnections and bot pipelines should be paused until trust has been re-established and there are no residual exposure risks.
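One way to carry out the log review recommended above is to scan exported MCP access records for references to workspaces the organization does not own. The script below is an added illustration and is not Asana's or UpGuard's code; the event names (mcp_query, mcp_summary), the field layout (workspace_gid, refs) and the sample records are all assumptions constructed for this example, not Asana's real audit-log schema. Adapt the field mapping to whatever export you actually have.

```python
"""Flag MCP access events that touch workspaces outside the organization.

Added example, not code from the page or from Asana. The JSON-lines schema
and event names are assumptions; map them onto your real export.
"""
import json

# Assumed names of the MCP-path events; adjust to the real export.
MCP_EVENT_TYPES = {"mcp_query", "mcp_summary"}

# Constructed sample records (not real Asana data). Workspace 1001 is "ours".
SAMPLE_LOG = """\
{"ts": "2025-05-12T09:14:02Z", "event_type": "mcp_query", "actor": "alice@corp-a.example", "workspace_gid": "1001", "refs": [{"workspace_gid": "1001", "gid": "55"}, {"workspace_gid": "1001", "gid": "56"}]}
{"ts": "2025-05-12T09:15:40Z", "event_type": "mcp_summary", "actor": "alice@corp-a.example", "workspace_gid": "1001", "refs": [{"workspace_gid": "1001", "gid": "57"}, {"workspace_gid": "2002", "gid": "14"}]}
{"ts": "2025-05-13T11:02:11Z", "event_type": "task_updated", "actor": "bob@corp-a.example", "workspace_gid": "1001", "refs": [{"workspace_gid": "2002", "gid": "99"}]}
{"ts": "2025-05-13T16:40:00Z", "event_type": "mcp_query", "actor": "carol@corp-a.example", "workspace_gid": "3003", "refs": [{"workspace_gid": "3003", "gid": "9"}]}
"""


def parse_events(text):
    """Parse JSON-lines records, skipping blank lines and failing loudly on bad ones."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: malformed record: {exc}") from exc
    return events


def find_cross_org_refs(events, own_workspaces, mcp_event_types=MCP_EVENT_TYPES):
    """Return findings for MCP events that involve a workspace we do not own.

    Two conditions are checked:
      * the event is attributed to a foreign workspace (another organization's
        MCP user appearing in our logs, or our data reaching them);
      * the response references a resource in a foreign workspace (our user
        being shown another organization's data).
    Non-MCP events are ignored because the incident was confined to the MCP path.
    """
    own = set(own_workspaces)
    findings = []
    for ev in events:
        if ev.get("event_type") not in mcp_event_types:
            continue
        if ev.get("workspace_gid") not in own:
            findings.append({"ts": ev["ts"], "actor": ev.get("actor"),
                             "kind": "foreign_actor_workspace",
                             "workspace_gid": ev.get("workspace_gid"), "gid": None})
        for ref in ev.get("refs", []):
            if ref.get("workspace_gid") not in own:
                findings.append({"ts": ev["ts"], "actor": ev.get("actor"),
                                 "kind": "foreign_resource_ref",
                                 "workspace_gid": ref.get("workspace_gid"),
                                 "gid": ref.get("gid")})
    return findings


def summarize(findings):
    """Count findings per foreign workspace, the figure a report to Asana needs."""
    counts = {}
    for f in findings:
        counts[f["workspace_gid"]] = counts.get(f["workspace_gid"], 0) + 1
    return counts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    hits = find_cross_org_refs(evs, own_workspaces={"1001"})
    for h in hits:
        print(h)
    print(summarize(hits))
```

Run against the constructed sample with workspace 1001 as the organization's own, the scan reports one foreign resource reference returned to alice's summary and two findings for carol's event, whose actor workspace and referenced resource both belong to a workspace the organization does not own. The third record is a plain task update and is deliberately ignored even though it references a foreign workspace, since only the MCP path was affected.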
Asana sent notices with links to communication forms to each impacted organization but has not issued a public statement about the incident.
UpGuard, who informed BleepingComputer about the issue, shared more details on its own blog, along with advice for potentially impacted users.
BleepingComputer has contacted Asana to ask about the scope of the exposure and the number of affected organizations/users, and a spokesperson has told us the incident impacts roughly 1,000 customers.
In the meantime, the MCP server was taken offline, but Asana's status page indicates that it returned to normal operational status as planned on June 17, 17:00 UTC.