Asana bug in new AI feature may have exposed data to other users for weeks
A bug in one of Asana's new AI features made user information accessible to other users for several weeks.
The company said the issue was resolved and it was not the result of a malicious hack. Instead, it appeared to be a logic flaw in its MCP (Model Context Protocol) server that was released on May 1, according to cybersecurity firm UpGuard (via BleepingComputer).
MCP is an open-source framework that enables AI assistants to interact with sites and apps. The introduction of Asana's MCP Server enabled companies to integrate AI features like summarization and natural language search from LLMs.
SEE ALSO: 'Your Year in Asana' is a reminder of all the work you did (or didn't do)
The rise of generative AI tools and new standards that enable interoperability for LLMs create new privacy issues and increased cybersecurity risk. MCP servers are a shiny new target for hackers, and there's also risk of prompt injection attacks, token theft, and a general increase in data leaks since MCPs request broad permission to function smoothly, according to a blog post from cybersecurity firm Pillar.
According to UpGuard, the bug "appears to have been part of this initial release," and was discovered by Asana on June 4. But during this time, Asana users working with the MCP server have been able to access information from other accounts' "projects, teams, tasks, and other Asana objects," according to an email reportedly sent to customers impacted.
In a statement to BleepingComputer, Asana said the bug impacted around 1,000 accounts. Asana has more than 130,000 companies using its project management platform, including some big companies like Uber, Spotify, and Airbnb. (Disclosure: Mashable's editorial team also uses Asana.)
Asana took the server offline and informed customers using the MCP server on June 16 about the bug. "As soon as the vulnerability was discovered, our teams immediately took the MCP server down and resolved the issue in our code," Asana said in its statement to BleepingComputer. Meanwhile, the company sent a contact form to customers potentially impacted to compile a full report of which companies may have had their data exposed.
It's unclear yet if there was any major data breach, but Asana advised companies to review their logs for MCP access and any information generated by their AI tools and report it to Asana if they find any data that doesn't belong to their company.
UPDATE: Jun. 18, 2025, 1:50 p.m. EDT Asana confirmed in a status update that the affected server was back online as of June 17.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
NYSE: SHOP) with a 'BUY' Rating and 12-Month Price Target of $130 USD
TORONTO, June 19, 2025 (GLOBE NEWSWIRE) -- Rockcliffe Capital is pleased to announce the initiation of equity research coverage on Shopify Inc. (TSX/NYSE: SHOP), one of North America's leading cloud-based commerce platforms empowering millions of merchants globally. Following a comprehensive fundamental and technical review, Rockcliffe Capital assigns Shopify a 'BUY' rating, supported by a 12-month price target of $130 USD, representing meaningful upside from current levels. 'Shopify stands at the intersection of software, e-commerce, and AI—a rare combination that positions it as a foundational platform for the future of global retail,' said Felix Gelt, Managing Director of Research at Rockcliffe Capital. 'Its durable growth, consistent free cash flow margins, and deep investments in AI make it a generational compounder.' Investment Thesis Highlights: • Sustainable Growth: Revenue rose 27% year-over-year in Q1 2025 to $2.36 billion, driven by continued GMV expansion and international strength. • Strong Cash Flow Profile: 15% free cash flow margin in the last quarter, with management guiding toward mid-teens margins in Q2. • AI & Enterprise Tailwinds: New generative AI tools, including 'Sidekick,' and accelerated enterprise adoption are expected to drive next-phase monetization. • Global Reach, Expanding TAM: Operating in 175+ countries, with increasing traction across emerging markets and B2B verticals. Valuation & Target: Rockcliffe Capital's proprietary model assigns Shopify a 2026E EV/Revenue multiple of ~18x, reflecting its leadership in e-commerce infrastructure and upcoming monetization from AI and enterprise. Our $130 USD price target reflects a base-case scenario with upside potential through further international penetration and SaaS revenue lift. Risk Factors: Key risks include macroeconomic pressure on discretionary spending, increased platform competition, and possible volatility tied to Shopify's strategic equity investments. However, we believe these are well-managed within the current roadmap and capital structure. About Rockcliffe Capital Research Rockcliffe Capital's Research Department provides institutional-grade equity research focused on growth-stage companies, public markets, and high-conviction investment themes. Through rigorous analysis, proprietary modeling, and deep sector insights, our research team supports investors, issuers, and strategic partners in identifying value and making informed decisions. Our coverage includes detailed valuation frameworks, peer comparisons, financial modeling, and ESG scorecards—delivering the intelligence that drives market leadership. Please contact research@ for access to our full research suite and initiation reports. Media Contact Rockcliffe Capital Research & Markets Division research@ +1 (416)-642-1967 This press release is for informational purposes only and does not constitute investment advice. Rockcliffe Capital and its affiliates may hold positions in the securities in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
an hour ago
- Yahoo
3 Mutual Funds to Buy on Continued Growth in Semiconductor Sales
Semiconductor sales have been steadily rising over the past year, largely driven by the enthusiasm surrounding artificial intelligence (AI), particularly generative AI. Robust demand across multiple industries has led to significant revenue growth in the semiconductor sector over recent quarters. In fact, the semiconductor industry, a key segment of the broader tech market, played a key role in powering last year's market upswing. Given these positive trends, investing in semiconductor-focused mutual funds — such as DWS Science and Technology A KTCAX, Fidelity Select Technology Portfolio FSPTX, and Red Oak Technology Select ROGSX — may be a smart move. According to the Semiconductor Industry Association (SIA), global semiconductor sales jumped a solid 2.5% sequentially in April, hitting $57 billion, up from $55.6 billion in March. Year over year, sales grew 22.7%. This marked the 11th consecutive month of year-over-year growth above 17%. SIA President and CEO John Neuffer said, 'Global semiconductor sales in April ticked up on a month-to-month basis for the first time in 2025, and the global market continues to notch year-to-year growth driven by increasing sales into the Americas and Asia Pacific.' The initial decline in monthly sales this year was sparked by uncertainties over the future of U.S. tech companies in AI following the launch of the low-cost Chinese AI model DeepSeek. However, concerns eased quickly, with many experts viewing the launch as overly hyped. The solid April performance followed an impressive 2024, when global semiconductor sales reached $627.6 billion, reflecting a 19.1% increase over 2023's $526.8 billion. Fourth-quarter sales alone grew 17.1% year over year, totaling $170.9 billion. The growth was largely fueled by rising demand for semiconductors in data centers, with memory chips contributing significantly to revenues. As tech firms continue to invest heavily in AI, the semiconductor industry is expected to benefit further. Experts predict strong demand to continue into 2025, with the SIA anticipating double-digit sales growth. We have, thus, selected three mutual funds with significant exposure to semiconductor producers. These funds carry a Zacks Mutual Fund Rank #1 (Strong Buy) or 2 (Buy) and are poised to gain from the above factors. Moreover, these funds have encouraging three- and five-year returns. Additionally, the minimum initial investment is within $5000. We expect these funds to outperform their peers in the future. Remember, the goal of the Zacks Mutual Fund Rank is to guide investors to identify potential winners and losers. Unlike most of the fund-rating systems, the Zacks Mutual Fund Rank is not just focused on past performance but also on the likely future success of the fund. The question here is: why should investors consider mutual funds? Reduced transaction costs and diversification of portfolio without several commission charges that are associated with stock purchases are primarily why one should be parking money in mutual funds (read more: Mutual Funds: Advantages, Disadvantages, and How They Make Investors Money). DWS Science and Technology A fund seeks growth of capital. Under normal circumstances, KTCAX invests at least 80% of its net assets in common stocks of U.S. companies in the technology sector. DWS Science and Technology A fund has a track record of positive total returns for over 10 years. Specifically, KTCAX's returns over the three and five-year benchmarks are 18.6% and 17.1%, respectively. DWS Science and Technology A fund has a Zacks Mutual Fund Rank #1 and an annual expense ratio of 0.88, which is lower than the category average of 1.03%. To see how this fund performed compared to its category and other #1 or 2 Ranked Mutual Funds, please click here. Fidelity Select Technology Portfolio fund seeks capital appreciation by investing most of its assets in common stocks of companies principally engaged in offering, using, or developing products, processes, or services that will provide or benefit significantly from technological advances and improvements. Specifically, Fidelity Select Technology Portfolio's returns over the three and five-year benchmarks are 15.7% and 18.3%, respectively. FSPTX carries a Zacks Mutual Fund Rank #1 and has an annual expense ratio of 0.62%, which is lower than the category average. To see how this fund performed compared to its category, and other #1 and 2 Ranked Mutual Funds, please click here. Red Oak Technology Select fund seeks long-term capital growth by investing primarily in stocks of companies that rely extensively on technology in their product development or operations, or which may be experiencing growth in sales and earnings driven by technology-related products and services. ROGSX primarily invests in technology companies that develop, produce, or distribute products or services related to computers, semiconductors and electronics. Red Oak Technology Select fund's returns over the three and five-year benchmarks are 12.8% and 13.5%, respectively. ROGSX carries a Zacks Mutual Fund Rank #2 and an annual expense ratio of 0.92% To see how this fund performed compared to its category, and other #1 and 2 Ranked Mutual Funds, please click here. Zacks' free Fund Newsletter will brief you on top news and analysis, as well as top-performing mutual funds, each week. Get it free >> Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report Get Your Free (FSPTX): Fund Analysis Report Get Your Free (ROGSX): Fund Analysis Report Get Your Free (KTCAX): Fund Analysis Report This article originally published on Zacks Investment Research ( Zacks Investment Research Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
an hour ago
- Yahoo
Scientists unite with AI to record dreams
Dreaming is a fascinating state where creativity runs wild, crafting vivid, cinematic scenes that can feel as real as everyday life—until you wake up and they vanish into memory or disappear from your recollection altogether. But what if there were a way to capture, record, and playback your dreams in the real world? At ATR Computational Neuroscience Laboratories in Kyoto, Japan, a group of scientists unveiled a complex system that uses functional magnetic resonance imaging (fMRI) and AI to 'record' people's dreams and play them back in a rough, estimated form. The experiment focused on closely observing the brain's electrical and blood flow activity in a select group of volunteers as they slept. To achieve this, researchers combined an electroencephalogram (EEG) with an fMRI machine, allowing participants to spend several nights sleeping while their brain activity was recorded. During the REM stage of sleep—when brain activity surges and dreams unfold—participants were gently awakened and asked to recount their dreams. This process was repeated hundreds of times, creating a rich database that linked distinct brain-scan patterns to specific dream imagery. Using this carefully constructed database, scientists employed deep learning algorithms to attempt to reconstruct visual content while the volunteers slept. During the tests, the system achieved approximately 60% accuracy, rising to over 70% on more specific categories like people or objects. Professor Yukiyasu Kamitani stated, 'We were able to reveal dream content from brain activity during sleep, which was consistent with the subjects' verbal reports.' The idea of watching your dreams play out like a vintage film is undeniably captivating, but the implications for neuroscience and mental health are equally remarkable. In the future, this innovative approach could be harnessed to explore emotional and cognitive patterns in various mental health conditions, providing a non-verbal and impartial glimpse into the subconscious. As the technology advances, it holds the potential to deepen our understanding of both human consciousness and the subconscious mind. However, while the technology is still in its early stages, the results it produces are often blurry and indistinct. Key elements such as colour, motion, narrative structure, and emotion remain largely elusive for now. Currently, dreams can only be captured in retrospect, after the subject has awakened, rather than in real-time. Dr. Mark Stokes points out that "all of this would have to be done within individual subjects," meaning that a universal classifier capable of interpreting anyone's dreams is not feasible. In essence, a dream-reading machine is not a one-size-fits-all solution. Nonetheless, this experiment represents a significant leap forward in the field of "oneirography," which involves the recording and documentation of dreams. As advancements in fMRI, EEG, and AI continue, the boundary between our internal mental experiences and external observation is starting to blur. "Scientists unite with AI to record dreams" was originally created and published by Verdict, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.
