Asana has alerted users to a flaw in its new Model Context Protocol (MCP) feature that potentially exposed data between its users. The exposure was caused by a logic error, not a hack. It lasted over a month and allowed some users to access limited data from other organizations' instances, including task information and project metadata.

Asana, a popular project management SaaS platform, has over 130,000 paying customers and millions of free-tier users globally. The MCP feature, launched on May 1, 2025, integrates large language models to provide AI functionality. After discovering the flaw on June 4, Asana advised admins to closely monitor access logs and temporarily restrict LLM integration. Approximately 1,000 organizations may have been affected, and although the MCP feature has since returned to operational status, concerns about privacy and regulatory implications remain. Asana has sent warnings to impacted organizations but has yet to issue a public statement.
Asana Alerts Users to MCP AI Feature’s Data Exposure Risk to Other Organizations
