Asana bug in new AI feature may have exposed data to other users for weeks

A bug in one of Asana's new AI features made user information accessible to other users for several weeks.
The company said the issue was resolved and it was not the result of a malicious hack. Instead, it appeared to be a logic flaw in its MCP (Model Context Protocol) server that was released on May 1, according to cybersecurity firm UpGuard (via BleepingComputer).
MCP is an open-source framework that enables AI assistants to interact with sites and apps. The introduction of Asana's MCP Server enabled companies to integrate AI features like summarization and natural language search from LLMs.
SEE ALSO: 'Your Year in Asana' is a reminder of all the work you did (or didn't do)
The rise of generative AI tools and new standards that enable interoperability for LLMs create new privacy issues and increased cybersecurity risk. MCP servers are a shiny new target for hackers, and there's also risk of prompt injection attacks, token theft, and a general increase in data leaks since MCPs request broad permission to function smoothly, according to a blog post from cybersecurity firm Pillar.
According to UpGuard, the bug "appears to have been part of this initial release," and was discovered by Asana on June 4. But during this time, Asana users working with the MCP server have been able to access information from other accounts' "projects, teams, tasks, and other Asana objects," according to an email reportedly sent to customers impacted.
In a statement to BleepingComputer, Asana said the bug impacted around 1,000 accounts. Asana has more than 130,000 companies using its project management platform, including some big companies like Uber, Spotify, and Airbnb. (Disclosure: Mashable's editorial team also uses Asana.)
Asana took the server offline and informed customers using the MCP server on June 16 about the bug. "As soon as the vulnerability was discovered, our teams immediately took the MCP server down and resolved the issue in our code," Asana said in its statement to BleepingComputer. Meanwhile, the company sent a contact form to customers potentially impacted to compile a full report of which companies may have had their data exposed.
It's unclear yet if there was any major data breach, but Asana advised companies to review their logs for MCP access and any information generated by their AI tools and report it to Asana if they find any data that doesn't belong to their company.
UPDATE: Jun. 18, 2025, 1:50 p.m. EDT Asana confirmed in a status update that the affected server was back online as of June 17.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

CNET

37 minutes ago

• CNET

Protect Your Property With the Low Maintenance Eufy SoloCam S220 for Just $65

According to a recent CNET survey, one in six US adults has been a victim of package theft at least once -- and that's just one of many growing threats. This is exactly why having a reliable outdoor security camera isn't just a nice-to-have: It's essential for added protection and a little peace of mind. Plus, if you've been thinking about getting one, now's the perfect time to make it happen. Eufy, one of our go-to home security brands, is offering a huge 50% off its solar-powered S220 security camera, bringing the price down to just $65. There are no monthly fees or hidden costs so it's a one-and-done purchase. The only catch? This promotion is part of a limited-time deal, so you might want to act fast. This tiny but mighty camera comes in a wire-free design and takes approximately five minutes to set up. It features an IP67 rating, so whether it's rain, shine or snow, it's built to handle whatever the weather throws at it. Hey, did you know? CNET Deals texts are free, easy and save you money. You'll get a clear 2K video that shows exactly what's happening outside your home. The f/1.6 night vision gives you a sharp view even in the dark, and the built-in AI can tell the difference between people and random objects -- you won't be bombarded with false alarms that just stress you out. You can even set custom security zones to get alerts only when there's motion where it actually matters. The Eufy S220 also works with voice assistants like Alexa and Google, so you can control it completely hands-free. And with two-way audio, you can easily communicate with whoever's at your door without having to get up. Finally, you don't have to worry about recharging the camera at all. Just 3 hours of sunlight a day keeps the solar battery up and running. Why this deal matters Taking effective measures to protect your property is no longer optional. This solar-powered security camera is not just easy to maintain but also offers a bunch of advanced features, now for just $65. This is one of the best prices we have seen on the S220, but the discount might not last long, so take advantage of it while you can.

Yahoo

38 minutes ago

• Yahoo

Wells Fargo Upgrades Zscaler (ZS) Stock, Lifts PT

Zscaler, Inc. (NASDAQ:ZS) is one of the 10 software stocks analysts are upgrading. On June 13, Wells Fargo upgraded the company's stock to 'Overweight' from 'Equal Weight,' lifting the price objective to $385 from the previous target of $260. As per the firm, software infrastructure spending in H2 2025 is expected to be driven by the adoption of agentic AI, which tends to benefit several software companies, including Zscaler, Inc. (NASDAQ:ZS). An employee standing in front of a large data center, looking toward the future of cloud security. The research firm cited Zscaler, Inc. (NASDAQ:ZS)'s potential to reach $5 billion in annual recurring revenue by fiscal 2027 as one of the measures of the upgrade. Despite the increase in the stock price YTD, the firm believes it still possesses significant room for multiple expansion. Well Fargo expects more than 20% billings growth in FY 2026 and continues to see margin expansion continuing, together with revenue growth. Notably, the company's stock has increased by ~66% on a YTD basis. In May 2025, Zscaler, Inc. (NASDAQ:ZS) signed a definitive agreement to acquire Red Canary, which is a leading managed detection and response (MDR) vendor. Through the combination of Zscaler, Inc. (NASDAQ:ZS)'s high-volume and high-quality data with Red Canary's domain expertise in MDR, Zscaler, Inc. (NASDAQ:ZS) plans to ramp up its vision to deliver AI-powered security operations. While we acknowledge the potential of ZS to grow, our conviction lies in the belief that some AI stocks hold greater promise for delivering higher returns and have limited downside risk. If you are looking for an AI stock that is more promising than ZS and that has 100x upside potential, check out our report about this cheapest AI stock. READ NEXT: 13 Cheap AI Stocks to Buy According to Analysts and 11 Unstoppable Growth Stocks to Invest in Now Disclosure: None. Sign in to access your portfolio

Yahoo

an hour ago

• Yahoo

Could Nvidia's Projected 9% Annual Returns Through 2030 Be the Smartest Risk-Adjusted Play in Tech?

Nvidia, the dominant platform provider, offers excellent risk-adjusted returns with its expanding ecosystem moat. The company's transition from chip supplier to full-stack platform mirrors Apple's evolution from hardware to ecosystem dominance. A 9% annual return from a $3.5 trillion company beats speculative moonshots when considering the certainty of execution and multiple growth drivers. 10 stocks we like better than Nvidia › Forget chasing the next artificial intelligence (AI) unicorn. While venture capitalists funnel billions into speculative start-ups, Nvidia (NASDAQ: NVDA) continues to dominate the infrastructure powering the entire industry. A projected 9% annual return may not sound thrilling, but it could be the smartest risk-adjusted investment in tech this decade. According to Coatue Management, an American technology-focused investment firm, Nvidia's market cap could grow from $3.5 trillion today to $5.6 trillion by 2030, implying a 9.6% compound annual growth rate from current levels. That's a far cry from its recent hypergrowth, but it reflects a business that's maturing into its role as the backbone of the AI economy. Here's why Nvidia remains a compelling buy -- even as its pace of growth slows. Think of Nvidia as the Apple of AI. Just as the iPhone represents great hardware backed by an impenetrable ecosystem, Nvidia has built something far more valuable than fast chips -- it has created the core operating system for AI. The company's Compute Unified Device Architecture (CUDA) software platform has become the default language for AI development, with over 4 million developers now embedded in the ecosystem. Switching to a competitor means rewriting years of code, creating a switching cost that grows stronger every day. But Nvidia isn't stopping at software dominance. The company has systematically expanded into every layer of the AI stack. DGX Cloud lets companies rent AI supercomputers by the hour, democratizing access to massive computing power. New enterprise platforms help businesses deploy AI without armies of data scientists. The Omniverse platform powers everything from factory simulations to digital twins of entire cities, while the majority of automakers now rely on Nvidia's DRIVE platform for autonomous vehicle development. This isn't diversification for its own sake. Each new product strengthens the core GPU business. A company using Nvidia for robotics simulations naturally gravitates toward Nvidia chips for its data centers. The network effects compound with each customer. Yes, 9% annual returns sound pedestrian compared to Nvidia's recent rocket ride. But consider the mathematical reality -- when you're already generating $44 billion in quarterly revenue from a $3.5 trillion base, hypergrowth becomes virtually impossible. What matters is that this 9% comes with something venture-backed AI start-ups can't offer: Certainty. The company's Blackwell architecture was fully booked within months of launch, with shipments stretching into late 2025. In its most recent quarter, data center revenue surged 73% year over year to $39.1 billion, while gross margins -- excluding one-time charges -- hover above 70%. That's the kind of pricing power that competitors can only dream about. And with $54 billion in cash and marketable securities, Nvidia can weather any storm while continuing to invest aggressively. But here's what growth projections might be missing: Nvidia isn't just selling more chips to the same customers. It's expanding the entire AI market. Right now, AI remains largely confined to tech giants and cutting-edge enterprises -- not because of cost, but because of complexity. Nvidia's push to simplify deployment through easier tools, pre-trained models, and plug-and-play solutions removes the technical barriers. When every small business can implement AI without a team of engineers, the addressable market doesn't just grow -- it explodes. Think of local governments optimizing traffic patterns, small manufacturers predicting equipment failures, or family doctors using AI diagnostics. The market expansion opportunity dwarfs any competition concerns. Yes, Nvidia trades at a forward price-to-earnings (P/E) ratio of 34 -- a premium by traditional standards. And yes, Advanced Micro Devices is gaining ground while cloud giants like Microsoft and Alphabet are building their own AI chips. Meanwhile, U.S. export restrictions have cut off a significant portion of China-related revenue, removing an estimated $8 billion in near-term sales. But what's the alternative? Betting on early stage AI start-ups with no profits, no moat, and unproven demand? Nvidia's valuation isn't cheap, but it reflects something rare in tech: Dominance with durability. Wall Street keeps searching for the next big thing. But the best tech investment of the next decade may not come from a stealth start-up or a buzzy IPO. It's already here, hiding in plain sight. Nvidia, with its projected 9% annual returns, offers what's become rare in technology: Scale, certainty, and sustained innovation. While others gamble on speculative AI plays, Nvidia continues to compound wealth with the dependability of a utility and the velocity of a start-up. The AI revolution isn't slowing. It's accelerating. Every breakthrough, from autonomous vehicles to digital twins, reinforces Nvidia's grip on the infrastructure that powers it all. Sometimes the smartest move isn't chasing the next Nvidia. It's owning the one that already reshaped the future -- and is still just getting started. Before you buy stock in Nvidia, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the for investors to buy now… and Nvidia wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $664,089!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $881,731!* Now, it's worth noting Stock Advisor's total average return is 994% — a market-crushing outperformance compared to 172% for the S&P 500. Don't miss out on the latest top 10 list, available when you join . See the 10 stocks » *Stock Advisor returns as of June 9, 2025 Suzanne Frey, an executive at Alphabet, is a member of The Motley Fool's board of directors. George Budwell has positions in Apple, Microsoft, and Nvidia. The Motley Fool has positions in and recommends Advanced Micro Devices, Alphabet, Apple, Microsoft, and Nvidia. The Motley Fool recommends the following options: long January 2026 $395 calls on Microsoft and short January 2026 $405 calls on Microsoft. The Motley Fool has a disclosure policy. Could Nvidia's Projected 9% Annual Returns Through 2030 Be the Smartest Risk-Adjusted Play in Tech? was originally published by The Motley Fool Sign in to access your portfolio