Asana has fixed a bug in its Model Context Protocol (MCP) server that may have allowed users to view other organizations' data, and the experimental feature is back up and running after almost two weeks of downtime to repair the problem.
MCP is an open-source protocol first released by Anthropic in November 2024 that allows AI agents and language models to connect to external resources like databases and messaging platforms and interact with each other.
Asana, which provides software for managing workflows and collaboration among teams, rolled out its MCP server on May 1. The new feature allows users to integrate with and access their Asana data from other AI apps, plus use natural language queries to ask questions about their business data.
According to the vendor's own documentation, there are risks involved:
Indeed, that caveat proved prescient: Asana discovered a vulnerability in the MCP server on June 4 and took the feature offline for maintenance from June 5 through June 17.
While the vendor's MCP incident report does not provide details about the coding error, according to a disclosure sent to customers and shared on social media, "this bug may have potentially exposed certain information from your Asana domain to other Asana MCP users."
As of Tuesday, Asana says the MCP interface is back up and running, but customers must reconnect to it.
"If your organization was using the MCP server and was impacted by this issue, we have already reached out to you directly with important details and next steps," the software firm noted in its postmortem. "As part of our remediation efforts, we reset all connections to the MCP server. This means you will need to manually reconnect your Asana instance to the MCP server."
An Asana spokesperson told The Register, "we're working on a full incident report as we speak (our primary focus so far has been helping impacted customers with mitigation)," and promised to alert us when the report was available. The spokesperson did not answer our questions about the bug, including how many customers were affected.
There is no indication that miscreants exploited the issue — nor that users actually got a glimpse of other orgs' information — but it's a good reminder that bleeding-edge technology means new risks, or at least the same old risks manifested in new ways.
Considering enterprises may use Asana to share sensitive data while collaborating on projects, a leaky AI integration could have ended very badly for the software vendor and its customers.
The bug "highlights key lessons for any organization integrating LLMs," according to UpGuard director of research and insights Greg Pollock. The security shop recommends anyone using MCP "implement strict tenant isolation and least-privilege access" to limit the scope of data that the AI systems can access.
It is also important to "log everything," and especially LLM-generated queries, to assist with any future incident reports and investigations, Pollock wrote. ®
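The two recommendations above, tenant isolation derived from the authenticated session rather than from model input, and an audit trail that records every LLM-generated query, are illustrated by the following Python sketch of a hypothetical multi-tenant MCP tool server. This is an added example, not Asana's code and not drawn from its incident report: the `Session`, `Task`, `search_tasks` and `get_task` names, the `AUDIT` list and the sample tasks are constructed for illustration, and nothing here describes how Asana's actual bug worked.

```python
# Constructed example: a hypothetical multi-tenant MCP tool server showing
# session-bound tenant isolation and per-call audit logging. Not Asana's code.
import logging
from dataclasses import dataclass
from typing import List, Optional

log = logging.getLogger("mcp.audit")
logging.basicConfig(level=logging.INFO, format="%(message)s")

# In-memory copy of the audit trail so an analyst (or a test) can inspect it.
AUDIT: List[dict] = []


class TenantIsolationError(RuntimeError):
    """Raised if a result set ever contains another tenant's record."""


@dataclass(frozen=True)
class Session:
    """Identity established when the MCP client authenticated to the server."""
    user_id: str
    tenant_id: str  # the organisation (workspace/domain) the caller belongs to


@dataclass(frozen=True)
class Task:
    task_id: str
    tenant_id: str
    title: str


# Constructed sample data: one shared backing store holds two tenants' tasks.
TASKS = [
    Task("t1", "org-a", "Q3 pricing review"),
    Task("t2", "org-a", "Migrate billing system"),
    Task("t3", "org-b", "Acquisition due diligence"),
]


def audit(tool: str, session: Session, **fields) -> None:
    """Record every tool invocation, including the raw LLM-generated query."""
    record = {"tool": tool, "user": session.user_id,
              "tenant": session.tenant_id, **fields}
    AUDIT.append(record)
    log.info("audit %s", record)


def search_tasks_unscoped(session: Session, query: str) -> List[Task]:
    """Vulnerable pattern: the filter uses only the model-supplied query, so
    matching records from every tenant in the store are returned."""
    return [t for t in TASKS if query.lower() in t.title.lower()]


def search_tasks(session: Session, query: str) -> List[Task]:
    """Hardened: the tenant predicate comes from the authenticated session,
    never from anything the model or user typed, and the call is audited."""
    audit("search_tasks", session, query=query)
    results = [
        t for t in TASKS
        if t.tenant_id == session.tenant_id and query.lower() in t.title.lower()
    ]
    # Defence in depth: fail closed if a future refactor drops the tenant filter.
    if any(t.tenant_id != session.tenant_id for t in results):
        raise TenantIsolationError("tenant boundary crossed in search_tasks")
    return results


def get_task(session: Session, task_id: str) -> Optional[Task]:
    """Direct lookup by id. Without the ownership check, any id the model
    guesses or enumerates would read another tenant's record."""
    audit("get_task", session, task_id=task_id)
    for t in TASKS:
        if t.task_id == task_id:
            if t.tenant_id != session.tenant_id:
                # Log the denied cross-tenant attempt, but answer "not found"
                # so the response does not confirm that the record exists.
                audit("get_task.denied", session, task_id=task_id, owner=t.tenant_id)
                return None
            return t
    return None


if __name__ == "__main__":
    alice = Session("alice", "org-a")
    print("unscoped:", [t.task_id for t in search_tasks_unscoped(alice, "")])
    print("scoped:  ", [t.task_id for t in search_tasks(alice, "")])
    print("other tenant's record:", get_task(alice, "t3"))
    print("audit entries:", len(AUDIT))
```

The key design choice is that `tenant_id` is only ever read from the `Session` object the server built at authentication time; the model-controlled `query` and `task_id` arguments can narrow results but never widen them. The `get_task.denied` audit record is what an incident responder would search for when asked whether any cross-tenant access was attempted, which is exactly the question Asana's customers were left asking.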