Asana's new Model Context Protocol (MCP) feature had a logic flaw that led to unintentional data exposure across organizations, impacting approximately 1,000 customers. Although not caused by hacking, the incident underscores the risks associated with AI-integrated work management tools. #Asana #MCP #DataLeakage #LLMIntegration
Key points
- Asana introduced the MCP server feature with large language model (LLM) integration in May 2025.
- A logic flaw in MCP caused data from one organization to be visible to users from other organizations for over a month.
- The exposed data could include task details, project metadata, comments, and uploaded files.
- Asana has taken the MCP server offline and advises admins to review logs and restrict LLM access.
- The incident affects approximately 1,000 customers and highlights privacy risks associated with AI-powered tools.