GPT-5.6 (Sol / Terra / Luna) is now evaluated on TrustVector โ€” with day-1 independent verification, incl. METR's benchmark-cheating findings.

Read the evaluation
Evaluation record ยท mcp-server-asana

MCP Asana Server

vv2 (hosted remote)

Asana (Official)

MCPproject-managementtask-trackingmcpmodel-context-protocol
71
Adequate
About This MCP

Asana's official hosted MCP server, now V2 at https://mcp.asana.com/v2/mcp (GA 2026-02-04, Streamable HTTP, OAuth with pre-registered apps, workspace-scoped authorization); the v1/beta SSE server was shut down 2026-05-11. Exposes task, project, and status tools. Carries a notable security history: in June 2025 a flawed tenant-isolation check in the beta server exposed data of ~1,000 organizations to other tenants (Jun 5-17), prompting a two-week outage and a rearchitected V2.

Last Evaluated: July 9, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

๐Ÿš€Performance & Reliability
+
task operation reliability

Operation success rate testing

Evidence
Asana Developers - Using Asana's MCP Server โ€” Reliable task creation, assignment, and querying built on the Asana REST API; documented flows include finding incomplete tasks by due date and retrieving project status
highVerified: 2026-07-09
tool set quality

Tool design and coverage review of the V2 release

Evidence
Asana Forum Changelog - V2 MCP server GA โ€” V2 GA introduced an optimized tool set, Streamable HTTP support, a new client registration model, and workspace-scoped authorizations
highVerified: 2026-07-09
search accuracy

Search quality testing

Evidence
Asana API - Search Tasks โ€” Task search builds on the workspace search API with typeahead and filter support
mediumVerified: 2026-07-09
rate limit handling

Rate limiting behavior analysis

Evidence
Asana API Rate Limits โ€” Subject to Asana API rate limits (per-minute quotas varying by plan)
mediumVerified: 2026-07-09
error recovery

Error handling testing

Evidence
Asana Developers - Integrating with Asana's MCP Server โ€” Standard API errors propagate to the client; tools/list discovery lets agents adapt to the available tool set
mediumVerified: 2026-07-09
๐Ÿ›ก๏ธSecurity
+
tenant isolation

Review of the June 2025 cross-tenant exposure incident, its root cause, and the V2 rearchitecture; no cross-tenant incidents reported on V2 as of 2026-07-09

Evidence
BleepingComputer - Asana warns MCP AI feature exposed customer data to other orgs โ€” A logic flaw in the MCP server's tenant-isolation check (discovered 2025-06-04, exposure window Jun 5-17, 2025) let users access other organizations' tasks, project metadata, team details, comments, and uploaded files; ~1,000 customers including Fortune 500 companies were potentially affected. Not an external hack - an implementation flaw
Asana Forum Changelog - V2 MCP server GA โ€” The rearchitected V2 (GA 2026-02-04) added workspace-scoped authorizations and a new client registration model; the flawed beta architecture was fully retired when v1 shut down on 2026-05-11
highVerified: 2026-07-09
incident history and response

Assessment of detection, containment, and remediation of the June 2025 incident

Evidence
Nudge Security - Asana MCP server data exposure incident โ€” Asana took the MCP server offline immediately upon discovery (2025-06-04 discovery, service restored 2025-06-17) and notified affected organizations - but the flaw had been live since the feature launched 2025-05-01 and was found by Asana, not caught pre-release
highVerified: 2026-07-09
authentication security

Authentication mechanism review

Evidence
Asana Developers - Integrating with Asana's MCP Server โ€” V2 uses OAuth with apps pre-registered in the Asana developer console (client ID/secret); Dynamic Client Registration is deliberately not supported, tightening who can connect
highVerified: 2026-07-09
workspace access control

Access control and admin governance review

Evidence
Asana Forum Changelog - V2 MCP server GA โ€” V2 authorizations are workspace-scoped; admin app-management controls to govern MCP access are available only on Enterprise+ and Legacy Enterprise tiers - other tiers must contact support to block the MCP app
highVerified: 2026-07-09
data modification risk

Write-path risk assessment

Evidence
Asana Developers - Using Asana's MCP Server โ€” Agents can create and assign tasks and modify work items within the authorizing user's permissions
mediumVerified: 2026-07-09
audit logging

Audit logging review

Evidence
Asana Audit Log API โ€” Audit log API exists but is Enterprise-tier; during the 2025 incident, affected customers were advised to review logs for MCP access themselves - MCP-specific audit visibility remains limited on lower tiers
mediumVerified: 2026-07-09
๐Ÿ”’Privacy & Compliance
+
cross tenant exposure history

Assessment of realized (not just theoretical) cross-tenant privacy impact; V2 rearchitecture credited but history weighted

Evidence
BleepingComputer - Asana warns MCP AI feature exposed customer data to other orgs โ€” The June 2025 incident was itself a privacy breach: task data, project metadata, team details, comments/discussions, and uploaded files from ~1,000 organizations were exposed to other tenants' MCP sessions and AI-generated summaries
highVerified: 2026-07-09
work data exposure

Data flow analysis

Evidence
MCP Data Flow โ€” Task titles, descriptions, comments, and project plans are sent to the LLM provider as part of normal operation
highVerified: 2026-07-09
team member privacy

User privacy assessment

Evidence
Asana API - Users โ€” Assignee names, emails, and workload/activity signals are accessible within the authorized workspace
mediumVerified: 2026-07-09
third party data sharing

Data sharing analysis

Evidence
LLM Provider Policies โ€” Work management data retrieved via MCP is processed by the connected LLM provider under that provider's privacy policy
highVerified: 2026-07-09
admin privacy controls

Admin control availability review across tiers

Evidence
Asana Developers - Using Asana's MCP Server โ€” Only Enterprise+ / Legacy Enterprise admins can manage MCP access via app management; super admins on other tiers must go through support to block the app
highVerified: 2026-07-09
๐Ÿ‘๏ธTrust & Transparency
+
documentation quality

Documentation completeness review

Evidence
Asana Developers - Using Asana's MCP Server โ€” First-party docs cover the V2 endpoint, OAuth setup, supported clients (Claude, ChatGPT, Cursor, VS Code, Claude Code, Codex), and v1-to-v2 migration
highVerified: 2026-07-09
incident disclosure

Assessment of incident disclosure practices versus public-disclosure norms

Evidence
BleepingComputer - Asana warns MCP AI feature exposed customer data to other orgs โ€” Asana notified affected organizations privately with communication forms but issued no public statement; the incident became public through press reporting and third-party security analyses
Nudge Security - Asana MCP server data exposure incident โ€” Third-party researchers, not Asana, provided the most detailed public guidance for affected customers (log review, checking AI summaries for cross-org data)
highVerified: 2026-07-09
operation visibility

Logging and traceability assessment

Evidence
Asana Audit Log API โ€” Task changes appear in Asana activity; deeper audit visibility requires Enterprise audit log access
mediumVerified: 2026-07-09
open source transparency

Source availability review

Evidence
Asana Developers - MCP Server โ€” Closed-source hosted service; the tenant-isolation flaw class that caused the 2025 incident is not externally auditable
highVerified: 2026-07-09
versioning and deprecation communication

Review of version lifecycle communication

Evidence
Asana Forum Changelog - V2 MCP server GA โ€” V2 GA announced 2026-02-04 with a clear migration path and an explicit v1/beta shutdown date (2026-05-11), communicated via changelog and developer docs
highVerified: 2026-07-09
โš™๏ธOperational Excellence
+
ease of setup

Setup complexity assessment

Evidence
Asana Developers - Using Asana's MCP Server โ€” Hosted endpoint with browser OAuth for supported clients; custom clients must pre-register an app in the developer console since DCR is not supported
highVerified: 2026-07-09
reliability

Reliability analysis including incident-driven downtime

Evidence
Nudge Security - Asana MCP server data exposure incident โ€” Stable on Asana's production API, but the service has taken one full ~2-week outage (Jun 5-17, 2025) when pulled offline for the incident
mediumVerified: 2026-07-09
api performance

Performance assessment

Evidence
Asana Developer Platform โ€” Performance tracks the Asana REST API; V2's Streamable HTTP transport is the current remote-server standard
mediumVerified: 2026-07-09
feature coverage

Feature coverage assessment

Evidence
Asana Developers - Using Asana's MCP Server โ€” Covers tasks, projects, sections, and status reporting; an optimized (deliberately curated) tool set rather than full API surface
mediumVerified: 2026-07-09
maintenance activity

Maintenance and release cadence review

Evidence
Asana Forum Changelog - V2 MCP server GA โ€” Active first-party investment: beta May 2025, post-incident rearchitecture, V2 GA Feb 2026, managed v1 sunset May 2026, native integrations in Claude and ChatGPT
highVerified: 2026-07-09
Strengths
  • +Official Asana-hosted V2 remote (https://mcp.asana.com/v2/mcp) with Streamable HTTP and OAuth; GA since 2026-02-04
  • +Post-incident rearchitecture: workspace-scoped authorizations, pre-registered OAuth apps (no DCR), and an optimized tool set replaced the flawed beta architecture
  • +Broad client support including native Claude and ChatGPT integrations plus Cursor, VS Code, Claude Code, and Codex
  • +Clear version lifecycle management: documented migration and explicit v1 shutdown date (2026-05-11)
  • +Solid task/project operation reliability on the mature Asana REST API
Limitations
  • !SECURITY HISTORY: June 2025 cross-tenant incident - a flawed tenant-isolation check exposed tasks, project metadata, comments, and files of ~1,000 organizations to other tenants (Jun 5-17, 2025); the server was offline ~2 weeks and subsequently rearchitected as V2
  • !Incident disclosure was private-notification only; no public statement - details reached the public via press and third-party researchers
  • !Closed-source hosted multi-tenant service: the isolation logic that failed in 2025 remains externally unauditable
  • !Admin app-management controls for MCP are limited to Enterprise+ / Legacy Enterprise; other tiers must contact support to block access
  • !Task content, comments, attachments, and team member data flow to the LLM provider
  • !V2 does not support OAuth Dynamic Client Registration - custom clients must pre-register in the developer console
  • !MCP-specific audit visibility is limited outside Enterprise audit-log tiers
Metadata
license: Proprietary (hosted service)
supported platforms
0: Hosted remote (https://mcp.asana.com/v2/mcp)
1: Any MCP client with Streamable HTTP and OAuth support
programming languages
0: N/A (hosted service)
mcp version: 1.0
docs: https://developers.asana.com/docs/using-asanas-mcp-server
api dependency: Asana REST API
authentication: OAuth with pre-registered apps (Dynamic Client Registration not supported in V2)
remote endpoint: https://mcp.asana.com/v2/mcp
first release: 2025-05-01 (beta); 2026-02-04 (V2 GA); v1 shut down 2026-05-11
maintained by: Asana
status: Active - V2 GA; v1/beta SSE server shut down 2026-05-11
security incidents
0: [object Object]
transport types
0: streamable-http (v2)
1: sse (v1, shut down 2026-05-11)

Use Case Ratings

code generation

Useful for issue-driven development when engineering work is tracked in Asana

customer support

Workable for support task tracking; incident history warrants caution with customer data in tasks

content creation

Good for editorial calendars and content production tracking

data analysis

Good for project status, workload, and portfolio reporting

research assistant

Useful for research project organization and task management

legal compliance

The 2025 cross-tenant exposure history makes this a hard sell for privileged matter tracking

healthcare

Prior multi-tenant isolation failure argues against PHI-adjacent project data

financial analysis

Sensitive deal/finance project data carries elevated risk given incident history

education

Good for coursework planning and group project coordination

creative writing

Useful for tracking writing pipelines and editorial tasks