Asana bug in new AI feature may have exposed data to other users for weeks
A bug in one of Asana's new AI features made user information accessible to other users for several weeks.
The company said the issue was resolved and it was not the result of a malicious hack. Instead, it appeared to be a logic flaw in its MCP (Model Context Protocol) server that was released on May 1, according to cybersecurity firm UpGuard (via BleepingComputer).
MCP is an open-source framework that enables AI assistants to interact with sites and apps. The introduction of Asana's MCP Server enabled companies to integrate AI features like summarization and natural language search from LLMs.
The rise of generative AI tools and new standards that enable interoperability for LLMs create new privacy issues and increased cybersecurity risk. MCP servers are a shiny new target for hackers, and there's also the risk of prompt injection attacks, token theft, and a general increase in data leaks, since MCPs request broad permissions to function smoothly, according to a blog post from cybersecurity firm Pillar.
According to UpGuard, the bug "appears to have been part of this initial release," and was discovered by Asana on June 4. During that time, Asana users working with the MCP server were able to access information from other accounts' "projects, teams, tasks, and other Asana objects," according to an email reportedly sent to affected customers.
In a statement to BleepingComputer, Asana said the bug impacted around 1,000 accounts. Asana has more than 130,000 companies using its project management platform, including some big companies like Uber, Spotify, and Airbnb. (Disclosure: Mashable's editorial team also uses Asana.)
Asana took the server offline and informed customers using the MCP server on June 16 about the bug. "As soon as the vulnerability was discovered, our teams immediately took the MCP server down and resolved the issue in our code," Asana said in its statement to BleepingComputer. Meanwhile, the company sent a contact form to customers potentially impacted to compile a full report of which companies may have had their data exposed.
It's not yet clear whether there was any major data breach, but Asana advised companies to review their logs for MCP access and any information generated by their AI tools, and to report to Asana any data they find that doesn't belong to their company.
UPDATE: Jun. 18, 2025, 1:50 p.m. EDT Asana confirmed in a status update that the affected server was back online as of June 17.
