Subj : Asana admits one of its AI features might have exposed your data To : All From : TechnologyDaily Date : Wed Jun 18 2025 15:15:08 Asana admits one of its AI features might have exposed your data to other users Date: Wed, 18 Jun 2025 14:02:00 +0000 Description: A bug in a newly introduced Asana tool was leaking data for a month, potentially exposing businesses to risk. FULL STORY ======================================================================Asana AI-powered tool had a bug which exposed user data to other users It was fixed after a month, but users should be on their guard Popular project management platform Asana is warning users a newly-introduced tool may have leaked their data to others on the service Research from security experts UpGuard noted in early May 2025, Asana introduced Model Context Protocol (MCP) server, a tool that lets AI products such as ChatGPT or Copilot interact with Asanas Work Graph. This allows users to query for information using natural language, manage their tasks and projects with the help of AI, and get real-time updates using the MCP standard. Save up to 52% off Lifelock Identity Theft Protection! Your personal info is in endless places. And any one of them could accidentally expose you to identity theft. That's why LifeLock monitors hundreds of millions of data points a second for identity theft. LifeLock. For the threats you can't control. Preferred partner ( What does this mean? ) View Deal A month of leaks However, the tool was implemented with a bug that exposed data from Asana instances to other MCP users. Not all data was exposed, though, as it was limited to each users access scope. Still, given that many enterprises rely on Asana when managing important tasks and large projects, it could mean sensitive information was leaked (such as project metadata, team details, discussions, uploaded files, and similar). Asana apparently discovered the bug on June 4, meaning the platform was leaking data for a month - the company is sending out notices with links to communication forms to impacted organizations, but apart from that its staying relatively silent on the matter. We dont know if any users suffered any meaningful damage as a result of this flaw, but the company did tell BleepingComputer that it impacted roughly 1,000 customers. It has more than 130,000 paying customers all over the world including, according to some sources, heavy hitters such as Spotify, Uber, or Airbnb. In any case, users should review Asana logs for MCP access, review generated AI summaries, and report to Asana if they see information seemingly coming in from a separate organization. Furthermore, users are advised to set LLM integration to restricted access and pause auto-reconnections and bot pipelines for the time being. You might also like One of Google's "big AI" projects uncovered some serious security threats seemingly all on its own Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/asana-admits-one-of-its-ai-features-mig ht-have-exposed-your-data-to-other-users --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .