Asana Fixes Security Flaw in AI Data Integration Tool

MCP Server Paused for Days After Bug Risked Data Leakage Between Users Rashmi Ramesh (rashmiramesh_) • June 23, 2025

Asana patched a vulnerability in an artificial intelligence integration feature that could have allowed users to view data from other organizations. It paused the use of Asana Model Context Protocol for nearly two weeks to apply the fix.

See Also: Taming Cryptographic Sprawl in a Post-Quantum World

The time management company discovered the flaw in its implementation of MCP, an open-source framework that enables AI systems to interact with external data sources such as messaging platforms and enterprise applications. It disabled its MCP server between June 5 and June 17.

AI giant Anthropic introduced MCP in last November to support use cases where language models and AI agents interface with structured enterprise information (see: AI Giants Adopt Anthropic's Standard to Connect Apps, Agents).

Asana launched its integration ...