Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation may have exposed data from their instances to other users, and vice versa.
The data exposure was due to a logic flaw in the MCP system and not the result of a hack, but the risk that arises from the incident could still be significant in some cases.
Asana is a project and task management SaaS platform used by organizations to plan, track, and manage work, assign tasks to team members, set deadlines, and collaborate from a centralized interface.
As of last year, the platform had over 130,000 paying customers and millions of free-tier users across 190 countries.
On May 1, 2025, Asana introduced the MCP server feature with large language model (LLM) integration, enabling AI-powered capabilities such as summarization, smart replies, natural language queries, and more.
However, a software bug in the MCP server exposed data from Asana instances to other MCP users, with the exposure limited to data within each user's access scope.
This means that organizations did not have their entire Asana workspace leaked to the public. Still, other companies' users with access to MCP might have seen certain data from another domain, including chatbot-generated queries.
Depending on the integration type and engagement with the chatbots, the exposed data could include task-level information, project metadata, team details, comments and discussions, and any uploaded files.
Asana discovered the logic flaw that created this exposure on June 4, so these cross-organization data leaks occurred for over a month.
Given the functional role of Asana within organizations, it is possible that these leaks contained sensitive information that could create privacy or even regulatory complexities for impacted entities.