Morgan — Security & Compliance Lead

Type: Secondary Persona
Responsibilities
- Responsible for access control, audits, and policy enforcement
- Often brought in late, after integrations are already live
- Has been holding up 75% of the partner AI integration projects
Related Problem Statements
| Problem Statement | Context | Impact | Naftiko Today | Naftiko Tomorrow | Type |
|---|---|---|---|---|---|
| Need to Securely Enable MCP in Developer IDEs<br>Security teams must evaluate and approve MCP server usage within developer IDEs before enterprise-wide adoption can proceed. | | | | | |
| Need MCP Streaming to Work with Enterprise Security<br>HTTP streaming and SSE connections required by MCP and AI services conflict with existing corporate security policies and infrastructure. | | | | | |
| Need Agent-to-Agent Identity Propagation<br>Identity and authorization tokens must be properly propagated when AI agents call other agents or services in multi-hop scenarios. | | | | | |
| Need Governance Review Tracking<br>Morgan needs to track and report on API governance reviews across the portfolio. | | | | | |
| Need Centralized Credential Management<br>Morgan needs teams to obtain API tokens and keys from an internal gateway rather than directly from 3rd-party providers. | | | | | |
| Need to Govern AI-Generated Code<br>Morgan needs to ensure AI coding assistants follow security policies when generating code, with attestation of compliance. | | | | | |
| Need Explicit Agent Boundaries<br>Repositories need to explicitly declare what AI agents are allowed to change and what is off-limits. | | | | | |