Asana MCP AI Feature Exposes Customer Data: A Critical Vulnerability Explained
Asana confirmed a flaw in its new AI-powered Model Context Protocol (MCP) feature, launched on May 1, 2025. Due to a logic error, users could access data from other companies within the platform. The bug allowed cross-tenant exposure through AI context sharing, even though user permissions were technically respected. The issue was discovered on June 4, and the server was shut down immediately. Fixes were completed by June 17. About 1,000 customers may have been affected. Asana is notifying impacted users and providing access logs. The MCP feature is still experimental and under security review. The case highlights the risks of poorly isolated AI in SaaS products.
Reference: BleepingComputer