Morgan — Security & Compliance Lead

Type: Secondary Persona

Responsibilities

- Responsible for access control, audits, and policy enforcement
- Often brought in late, after integrations are already live
- Has been holding up 75% of the partner AI integration projects

Related Problem Statements

| Problem Statement | Context | Impact | Naftiko Today | Naftiko Tomorrow | Type |
|---|---|---|---|---|---|
| Need to Securely Enable MCP in Developer IDEs: Security teams must evaluate and approve MCP server usage within developer IDEs before enterprise-wide adoption can proceed. | | | | | |
| Need MCP Streaming to Work with Enterprise Security: HTTP streaming and SSE connections required by MCP and AI services conflict with existing corporate security policies and infrastructure. | | | | | |
| Need Agent-to-Agent Identity Propagation: Identity and authorization tokens must be properly propagated when AI agents call other agents or services in multi-hop scenarios. | | | | | |
| Need Governance Review Tracking: Morgan needs to track and report on API governance reviews across the portfolio. | | | | | |
| Need Centralized Credential Management: Morgan needs teams to obtain API tokens and keys from an internal gateway rather than directly from 3rd-party providers. | | | | | |
| Need to Govern AI-Generated Code: Morgan needs to ensure AI coding assistants follow security policies when generating code, with attestation of compliance. | | | | | |
| Need Explicit Agent Boundaries: Repositories need to explicitly declare what AI agents are allowed to change and what is off-limits. | | | | | |
| Need Air-Gapped Agent and MCP Deployment: Regulated enterprises need agentic and MCP runtimes that deploy fully inside their own VPC, OpenShift, or air-gapped environment — with complete traceability of every call — rather than depending on SaaS control planes or pay-per-use utility-model vendors. | | | | | |
| Need MCP Behavioral Conformance Governance: Need a way to control that an MCP server actually behaves like it is intended to behave at runtime, not just that it exists in a registry. | | | | | |
| Need MCP Data Leak Prevention: MCP servers must be prevented from letting sensitive data out of the enterprise when someone on the implementation side didn't pay enough attention to egress controls. | | | | | |
| Need Internal Enterprise Agent Platforms with Data Residency: Sovereign-data enterprises need agent platforms they can stand up internally — controlled deployment, controlled training data, controlled residency — rather than calling out to a third-party SaaS. | | | | | |