On June 4, 2025, Asana confirmed a significant flaw in its Model Context Protocol (MCP) server, a tool designed to help users interact with AI more effectively across projects and teams. The problem wasn’t a breach or an external hack, but an internal logic bug that allowed some users to see sensitive information from other organizations.
And while Asana’s quick response helped limit the damage, the incident is a wake-up call. MCPs are new, fast-moving, and deeply integrated into how AI systems work behind the scenes. This won’t be the last issue we see.
Asana traced the issue to a flawed tenant isolation check in the MCP server. In short, users under specific conditions could unintentionally access project data, tasks, comments, and files from other organizations using the same MCP system. It wasn’t an attack, but the result was the same: data that should’ve been private ended up exposed.
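To make the failure mode concrete, here is an added illustration (not Asana's code, and not the actual bug) of a multi-tenant lookup in an MCP-style tool handler: the unscoped version keys only on the task id, so a session from one organization can read another's task, while the scoped version takes the tenant from the authenticated session and enforces it on every read. The `audit_isolation` helper is an assumed name for a simple regression check a team could run against its own handlers.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Session:
    """Authenticated caller; org_id comes from the auth layer, never from the request."""
    user: str
    org_id: str

# Constructed sample data: two organizations sharing one MCP deployment.
TASKS: Dict[str, dict] = {
    "t-100": {"org_id": "org-a", "title": "Q3 roadmap", "comments": ["draft v2"]},
    "t-200": {"org_id": "org-b", "title": "Payroll migration", "comments": ["contains PII"]},
}

def get_task_unscoped(session: Session, task_id: str) -> Optional[dict]:
    """Flawed pattern: the lookup ignores the caller's tenant, so a caller from
    org-a who supplies the id t-200 receives org-b's task."""
    return TASKS.get(task_id)

def get_task_scoped(session: Session, task_id: str) -> Optional[dict]:
    """Hardened pattern: the tenant is bound to the session and checked on
    every read. A missing task and a cross-tenant task both return None, so
    the response does not reveal whether another tenant's id exists."""
    task = TASKS.get(task_id)
    if task is None or task["org_id"] != session.org_id:
        return None
    return task

def audit_isolation(handler: Callable[[Session, str], Optional[dict]],
                    sessions: List[Session],
                    task_ids: List[str]) -> List[Tuple[str, str]]:
    """Regression check: call the handler for every (session, task) pair and
    record each case where it returned a task owned by a different tenant."""
    leaks: List[Tuple[str, str]] = []
    for s in sessions:
        for tid in task_ids:
            t = handler(s, tid)
            if t is not None and t["org_id"] != s.org_id:
                leaks.append((s.org_id, tid))
    return leaks
```

Running `audit_isolation` with one session per tenant against every known id is a cheap test to keep in CI so that a refactor of the lookup path cannot silently drop the tenant filter.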
While the exposure was limited to what users already had access to within their own organizations, cross-org data visibility meant the following types of information may have leaked:
If your teams use AI context servers like Asana’s MCP, it’s a good idea to:
Asana’s response was fast and transparent, but this incident highlights a deeper truth: MCP systems introduce a new layer of security risk that many teams aren’t ready for yet. These context servers plug directly into AI workflows, with access to everything from tasks and files to tools and API keys. That’s a lot of power, and a lot of exposure when something goes wrong.
To protect your organization from future incidents like Asana’s, keep these principles in mind:
MCPs are powerful, and they’re evolving fast, sometimes faster than the security tools and policies meant to protect them. The Asana incident won’t be the last of its kind. The key is to get ahead of these risks now, while adoption is still growing.
Whether you're building MCP tools, integrating with them, or just trying to figure out how to use AI securely, take this as a clear sign: Context is power. And power needs guardrails.
Stay tuned. This space is moving quickly and so are the threats.
Mohamed Osman is a seasoned Field CTO with over 20 years of experience in cybersecurity, specializing in SIEM, SOAR, UBA, insider threats, and human risk management. A recognized innovator, he has led the development of award-winning security tools that improve threat detection and streamline operations. Mohamed’s deep expertise in insider threat mitigation has helped organizations strengthen their defenses by identifying and addressing internal risks early. His work has earned him honors like the Splunk Innovation Award and recognition for launching the Zain Security Operations Center. With a strategic mindset and hands-on leadership, Mohamed Osman continues to shape the future of cybersecurity—empowering enterprises to stay ahead of evolving threats.