Asana MCP Data Exposure Incident Overview

On June 4, Asana alerted customers that its newly launched AI feature had inadvertently shared data between separate workspaces. The problem wasn’t an outside breach but a Model Context Protocol (MCP) logic error introduced on May 1 to power auto-summaries, smart replies and natural-language queries.

What Happened

When two organizations both enabled MCP, snippets of information—limited to what users could already see—drifted across accounts. Exposed content included task descriptions, project metadata, team discussions and any files shown during AI interactions. Over five weeks, roughly 1,000 paying customers may have viewed data from another tenant before Asana engineers identified and patched the flaw on June 17.

Customer Guidance

Asana notified affected customers directly and recommended that administrators:

  • Temporarily disable or restrict LLM integrations
  • Pause automated reconnections and bot pipelines
  • Review recent AI summaries and responses for unexpected content
  • Report any suspected cross-workspace data through Asana support

Resolution and Follow-Up

After taking the MCP service offline, Asana deployed a targeted fix and restored normal operations on June 17 at 17:00 UTC. The company has not issued a broad public statement but continues to communicate directly with those impacted. The security firm UpGuard, which first flagged the issue publicly, has also shared guidance for assessing exposure. Asana confirms no external actor exploited the vulnerability.

Key Takeaways

  • Even well-tested AI modules can introduce logic flaws that affect multi-tenant environments.
  • Organizations should apply the same security scrutiny to AI-driven features as they do to core functionality, enforcing strict data-access policies and real-time monitoring.
  • Collaboration between in-house developers, security researchers and external auditors strengthens overall resilience.
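As an added illustration of the second takeaway (example code, not Asana's own; the `get_task` tool, workspace ids and sample tasks are hypothetical), a toy MCP-style tool handler with a cross-tenant lookup flaw beside its tenant-scoped fix, plus a small audit that checks the isolation property:

```python
# Added illustration, not Asana's code: a toy multi-tenant MCP-style tool
# handler showing the class of logic flaw described above, its fix, and an
# isolation check. Names, sample data and the 'get_task' tool are hypothetical.
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass(frozen=True)
class Task:
    task_id: str
    workspace_id: str
    description: str

@dataclass(frozen=True)
class Caller:
    user_id: str
    workspace_id: str  # tenant the MCP session is bound to

# Constructed sample store: both tenants' tasks live in one global table.
TASKS = {
    "t-1": Task("t-1", "ws-acme", "Acme Q3 roadmap draft"),
    "t-2": Task("t-2", "ws-globex", "Globex merger checklist"),
}
CALLERS = [Caller("u-1", "ws-acme"), Caller("u-2", "ws-globex")]

def get_task_vulnerable(caller: Caller, task_id: str) -> Optional[Task]:
    # Looks up by task id alone; the caller's workspace is never consulted,
    # so a request from one tenant can return another tenant's task.
    return TASKS.get(task_id)

def get_task_scoped(caller: Caller, task_id: str) -> Optional[Task]:
    # Tenant-scoped lookup: the workspace is part of the authorization
    # decision, and a miss and a cross-tenant hit look identical to the caller.
    task = TASKS.get(task_id)
    if task is None or task.workspace_id != caller.workspace_id:
        return None
    return task

Handler = Callable[[Caller, str], Optional[Task]]

def audit_cross_tenant(handler: Handler) -> List[Tuple[str, str]]:
    # Exercise the handler with every (caller, task) pair and report each result
    # whose workspace differs from the caller's; usable as a CI regression test.
    leaks = []
    for caller in CALLERS:
        for task_id in TASKS:
            task = handler(caller, task_id)
            if task is not None and task.workspace_id != caller.workspace_id:
                leaks.append((caller.workspace_id, task.task_id))
    return leaks
```

Running `audit_cross_tenant` against the vulnerable handler reports one leak per tenant, while the scoped handler reports none; the same kind of check can be replayed over recorded tool calls when reviewing AI responses for unexpected content.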

Looking Ahead

As AI continues to shape collaborative tools, rigorous testing, clear rollout protocols and ongoing audit capabilities will be essential. For now, Asana customers should double-check permissions, monitor activity logs and remain vigilant for any lingering side effects.
