• Asana's AI-powered tool had a bug which exposed user data to other users
• It was fixed after a month, but users should be on their guard

Popular project management platform Asana is warning users that a newly introduced tool may have leaked their data to others on the service.

Research from security experts at UpGuard noted that in early May 2025, Asana introduced a Model Context Protocol (MCP) server, a tool that lets AI products such as ChatGPT or Copilot interact with Asana’s Work Graph.

This allows users to query for information using natural language, manage their tasks and projects with the help of AI, and get real-time updates using the MCP standard.

A month of leaks

However, the tool was implemented with a bug that exposed data from Asana instances to other MCP users.

Not all data was exposed, though, as it was limited to each user’s access scope.

Still, given that many enterprises rely on Asana when managing important tasks and large projects, it could mean sensitive information was leaked (such as project metadata, team details, discussions, uploaded files, and similar).

Asana apparently discovered the bug on June 4, meaning the platform was leaking data for a month – the company is sending out notices with links to communication forms to impacted organizations, but apart from that it’s staying relatively silent on the matter.

We don’t know if any users suffered any meaningful damage as a result of this flaw, but the company did tell BleepingComputer that it impacted roughly 1,000 customers. It has more than 130,000 paying customers all over the world including, according to some sources, heavy hitters such as Spotify, Uber, or Airbnb.

In any case, users should review Asana logs for MCP access, review generated AI summaries, and report to Asana if they see information seemingly coming in from a separate organization.

Furthermore, users are advised to set LLM integration to restricted access and pause auto-reconnections and bot pipelines for the time being.
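
The log review recommended above, as an added example that is not from the article, UpGuard or Asana: it sorts MCP access records from the exposure window by owning organization so foreign or unattributed objects stand out. The export format, field names, organization IDs and the May 1 window start are assumptions, and the sample records are constructed.

```python
import json
from datetime import date, datetime

# Constructed sample export, one JSON record per line. The field names
# (ts, channel, object_org, object) are hypothetical, not Asana's log schema.
SAMPLE_EXPORT = """\
{"ts": "2025-04-28T10:02:11Z", "channel": "mcp", "object_org": "org-acme", "object": "task/1001"}
{"ts": "2025-05-12T09:14:03Z", "channel": "mcp", "object_org": "org-acme", "object": "project/77"}
{"ts": "2025-05-19T16:40:55Z", "channel": "mcp", "object_org": "org-other", "object": "task/9042"}
{"ts": "2025-05-20T08:01:30Z", "channel": "web", "object_org": "org-acme", "object": "task/1002"}
{"ts": "2025-05-27T13:22:09Z", "channel": "mcp", "object": "attachment/314"}
{"ts": "2025-06-02T11:05:47Z", "channel": "mcp", "object_org": "org-acme", "object": "task/1003"}
not-json-line
"""

WINDOW_START = date(2025, 5, 1)  # assumption: the article says only "early May 2025"
WINDOW_END = date(2025, 6, 4)    # date the article gives for discovery of the bug


def review_mcp_access(export_text, own_org, start=WINDOW_START, end=WINDOW_END):
    """Sort MCP records inside the window into own, foreign and unattributed."""
    result = {"own": [], "foreign": [], "unattributed": [], "malformed": []}
    for line_no, line in enumerate(export_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            day = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").date()
        except (ValueError, KeyError, TypeError):
            result["malformed"].append(line_no)  # keep for manual review
            continue
        if rec.get("channel") != "mcp" or not (start <= day <= end):
            continue  # only MCP access inside the exposure window matters here
        org = rec.get("object_org")
        if not org:
            # No owner recorded: cannot be cleared automatically.
            result["unattributed"].append((line_no, rec.get("object")))
        elif org == own_org:
            result["own"].append((line_no, rec.get("object")))
        else:
            # Object belongs to a different organization: report it.
            result["foreign"].append((line_no, rec.get("object"), org))
    return result


if __name__ == "__main__":
    for bucket, items in review_mcp_access(SAMPLE_EXPORT, "org-acme").items():
        print(bucket, items)
```

Records in the `foreign` bucket are the ones to report to Asana; `unattributed` and `malformed` entries need a manual look rather than being treated as clean.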
