Article Summary
Asana's AI-powered 'intelligent summary' feature, which utilizes Model Context Protocol (MCP) technology, inadvertently exposed customer data to other organizations.
- The data exposure occurred due to an incorrect configuration on the AI partner's MCP server.
- This allowed data from one Asana organization to be visible to another if both were using the specific AI feature.
- Asana promptly disabled the affected feature and collaborated with its AI partner to rectify the misconfiguration.
- The incident was limited to organizations that utilized the 'intelligent summary' feature between February and early May 2024.