Summary
Host Aparna Sinha sits down with Mustafa Furniturewala, CTO of Coursera, and Jiquan Ngiam, co-founder and CEO of Mint MCP, on what it takes to become AI-native inside a fourteen-year-old public company, in the one industry everyone assumes AI will replace. Mustafa walks through the playbook: encourage AI rather than police it, then add the enablement and guardrails to make it safe, an MCP gateway that governs data access, tools bundled by role, and deterministic policies IT can stand behind. Jiquan explains why MCP exists and what it does that APIs and CLIs can't: tools built for the model to call, with a security boundary an API key cannot express. The conversation gets into agentic code migration across 200+ repos, managing context with nested CLAUDE.md files instead of graph-database indexing, background agents that act like coworkers, a supply-chain attack that turned a compromised npm package against developer machines, and how Coursera's business users now write their own AI skills, driving more than a quarter of the company's Claude usage.
Chapters
Chapters
Why Listen
If you are trying to move an enterprise from AI experiments to AI-native, this is the operator's account of how one CTO did it without slowing down. Mustafa's lean-in-then-guardrail sequence is a repeatable playbook, and his candor about what fails (point an agent at a decade-old codebase cold and it hallucinates) is as useful as the wins. Jiquan gives the clearest explanation of why MCP matters that cuts through the hype, and both guests show how the same enablement layer that transforms engineering also unlocks business users.
Key Takeaways
- Blocking AI is a security risk: block a useful tool and people route around it with unsafe copy-paste and temporary data stores, so enablement is the safer path
- MCP tools are built for the model to call, not for developers; one MCP tool call can wrap several API calls with validation, and expose a boundary an API key cannot (read and write, but never delete)
- An MCP gateway governs MCP sprawl: Coursera bundles tools by role, hosts its own servers, and sets deterministic policies like no deleting and read only public Slack channels
- Agentic migration turned weeks of work into two to three hours across 200+ repos and millions of lines, but only with the system around the agent; point Claude Code at a codebase that size cold and it hallucinates
- For large codebases, manage context with inline search and nested CLAUDE.md files rather than reaching for graph-database indexing
- Background agents act like coworkers: a sandboxed loop where Claude plans and codes and Codex reviews with fresh eyes, triggered from Slack, running async and in parallel
- Business users write their own AI skills: Coursera forked Anthropic's knowledge-work skills, and more than a quarter of Claude usage now comes from people who don't code, via Claude Cowork
- Becoming AI-native is a practice you keep improving, sustained by an AI council, a plugins repo, monthly awards, and internal sessions where people show how they use AI
- Security has to be designed in, not bolted on: a compromised npm package used Claude Code on developer machines to find GitHub secrets, making the case for secure-by-design MCP deployments
Insights
In the fourth episode of Enterprise Aligned AI, host Aparna Sinha sits down with Mustafa Furniturewala, CTO of Coursera, and Jiquan Ngiam, co-founder and CEO of Mint MCP. Coursera is fourteen years old and public, in the one industry everyone assumes AI will replace. Instead of blocking AI, Mustafa leaned in, then built the structure to make leaning in safe.
Lean in, because blocking is worse
Mustafa’s starting point was to encourage AI use, in the product and across the company. On education, he reframes the smarter-or-dumber debate: the problem AI surfaced was already there.
“The assessment types, like multiple-choice questions, are not the most effective way to learn, and AI is exposing that faster than we expected.” — Mustafa Furniturewala
The case for enablement is a security case. Block a useful tool and people route around it, copying data into temporary stores you cannot see. Blocking relocates the risk instead of removing it.
Why MCP, and why a gateway
Jiquan corrects a debate the internet keeps garbling. APIs were designed for developers and are CRUD-based. MCP tools are designed for the model to call, so reliability is higher, and one tool call can wrap several API calls with validation. The security difference is concrete: an API key can read, write, and delete, while the MCP layer exposes a tool abstraction that never calls the delete API.
Coursera hit close to 100% AI adoption before it had enablement. API tokens were scattered, business users wanted access, and nobody could answer which MCP tools were approved. An MCP gateway closed that gap, bundling tools by role and letting IT set deterministic boundaries.
“It cannot be prompt the bot to say please don’t do this, pray and hope. Put a sandbox around it, and the only way for data to leave and enter the sandbox is through the MCP gateway.” — Jiquan Ngiam
Transforming engineering, then everyone
Coursera migrated code that took engineers weeks in two to three hours, across 200+ repos and millions of lines. The honest caveat matters as much as the number: point Claude Code at a codebase that size cold and it hallucinates. The setup around the agent, documented architecture and nested CLAUDE.md files, does the work. Jiquan runs review as a background agent, a sandboxed loop where Claude plans and Codex reviews with fresh eyes, triggered from Slack.
The demand that surprised Mustafa came from business users. Coursera forked Anthropic’s knowledge-work skills, tuned them to how the company runs, and now more than a quarter of its Claude usage comes from people who don’t write code.
What becoming AI-native takes
Becoming AI-native is a practice you keep improving, sustained by an AI council, a plugins repo, monthly awards, and sessions where people show how they use AI.
“I don’t think we are fully there either. We’re getting there, but the key is to have a system, keep improving it, and create feedback loops where the value compounds over time.” — Mustafa Furniturewala
Speakers

Mustafa Furniturewala
Chief Technology Officer @ Coursera
Mustafa Furniturewala is the Chief Technology Officer at Coursera, where he has spent more than eleven years and now leads product and technology strategy across engineering, infrastructure, data, security, and IT. He is spearheading Coursera's generative AI strategy, both in the products Coursera builds for learners and in how the engineering team itself works, from agentic code migration to background agents to an MCP gateway for secure data access. Before Coursera, he held engineering roles at Twitter, Evernote, and Citrix.

Jiquan Ngiam
Co-Founder & CEO @ Mint MCP
Jiquan Ngiam is the co-founder and CEO of Mint MCP, an MCP gateway that gives enterprises secure, governed data access for AI agents. Before Mint MCP, he worked on Google Brain and Waymo, and did his graduate work under Andrew Ng at Stanford, where he contributed to early deep learning research and helped build the first online machine learning courses that became Coursera. His thesis is that as agents become coworkers, enterprises need a security boundary around what they can access, and Mint MCP provides that layer.