Issue in Asana’s Latest AI Functionality Could Have Leaked User Information for Weeks


A flaw in one of Asana’s new AI features exposed user data to others for several weeks. The company said the problem has been fixed and was not the result of a malicious breach; it appears to have stemmed from a logic error in its MCP (Model Context Protocol) server, launched on May 1, according to the cybersecurity company UpGuard (via BleepingComputer).

MCP is an open-source protocol that lets AI assistants interact with websites and applications. The rollout of Asana’s MCP Server allowed businesses to add LLM-powered AI capabilities such as summarization and natural language search.

The emergence of generative AI tools and new benchmarks for LLM compatibility introduces fresh privacy challenges and heightened cybersecurity threats. MCP servers are now a prime target for cybercriminals and are exposed to risks such as prompt injection attacks, token theft, and escalated data leaks because MCPs require extensive permissions, according to a blog post from cybersecurity firm Pillar.

UpGuard noted that the bug “seems to have been part of this initial rollout,” and that Asana identified it on June 4. During that period, Asana users of the MCP server were able to view information from other accounts’ “projects, teams, tasks, and other Asana entities,” as stated in an email reportedly sent to affected users.

In a statement to BleepingComputer, Asana said the bug affected around 1,000 accounts. Asana serves over 130,000 businesses that use its project management software, including major firms like Uber, Spotify, and Airbnb. (Note: Mashable’s editorial team also uses Asana.)

Asana took the server offline and notified MCP server customers about the vulnerability on June 16. “Once the flaw was identified, our teams promptly took the MCP server offline and rectified the issue in our code,” Asana stated in its message to BleepingComputer. The company sent a contact form to potentially affected customers to gather a comprehensive report of which companies might have had their data compromised.

It remains uncertain whether a significant data breach occurred, but Asana recommended that companies examine their logs for MCP access and review any data produced by their AI tools, and report back to Asana if they discover any information that does not belong to their organization.

UPDATE: Jun. 18, 2025, 1:50 p.m. EDT Asana confirmed in a status update that the impacted server was operational again as of June 17.