Govern and secure AI agents and MCP servers with centralized visibility, policy control, and audit trails. Security, compliance, and control for the agentic era.
👋 I'm Wojciech, co-founder of Golf. Antoni and I have been building MCP infrastructure since the earliest days of the protocol. Over the past year, we've worked with enterprises using MCP at scale - and the same gap kept showing up: there are vertical solutions, but there's no end-to-end platform for governing how AI connects to enterprise systems.
That's what Golf is. We're backed by Y Combinator and already in production at multi-thousand-employee organizations.
Here's the problem we kept seeing:
If you're a platform or IT team trying to enable AI tools across your org, you're stuck. You maintain a Notion allow list. Every new MCP server goes through a manual security review. And if a server has one risky tool - say a write action to production - you block the entire server. Your engineers lose access to everything, even the safe parts.
That's not governance. That's a bottleneck.
Meanwhile, engineers don't wait. At one company, we found 150 MCP servers running across the org. 50 of them had the ability to perform destructive actions on production systems. Nobody on the security or platform team knew they existed.
What Golf does:
Golf is the control plane that lets you enable your entire engineering org - without losing control.
→ Discover - find every MCP server and AI connection across your org. See what's running, who's using it, what data it touches. Assess and remediate the risk.
→ Enforce - control what every agent can do at the tool level. Allow read, block write, require approval. Block prompt injections, PII leaks, and credential exposure in real-time. All tied to real identities through your IDP.
→ Audit - full trail of every agent action. When compliance asks what AI touched customer data - you have the answer.
For the PH community:
We open-sourced our MCP inventory scanner. You can run it today, find every MCP server in your environment, and assess risk - no Golf account needed.
→ Try the scanner: [link]
When you're ready for the full platform - enforcement, tool-level policies, audit trails - talk to us at https://golf.dev.
Our ask:
We'd love to hear from you:
How are you managing MCP adoption across your teams today?
What's blocking you from enabling AI tools org-wide?
We'll be here all day. Let's talk.
- Wojciech & Antoni
I’ve seen how much work went into this - super impressive to see Golf live and solving real enterprise gaps. Congrats on the launch @wbbw1@wbbw1 💪
Golf.dev is awesome because it finally gives you clear control and visibility over what your AI agents are doing with tools and data. After using it, it just feels like the missing security layer every MCP-based system should have.
Also rooting for your Product Hunt launch - guys, go smash it, this deserves a lot of love. Good luck! 🚀
Visibility is so important. People forget things all the time. Having to deal with "orphaned" MCPs that could become the next security risk is definitely not ideal.
The 'control plane' framing is smart — as MCP adoption scales across enterprise teams, the governance layer is often an afterthought until something goes wrong. Centralized audit trails for agentic actions in particular will be a real selling point for compliance-heavy orgs. Curious how you handle policy conflicts when multiple teams have deployed agents with overlapping permissions — is that a manual resolution process or something Golf enforces automatically? Also wondering if the tooling surfaces enough context in the audit trail for non-technical stakeholders (legal, infosec) to actually act on what they're seeing.
Report
Most enterprise infra tools I've tracked struggle with the validation paradox: enterprises want proven scale, but scale requires enterprise adoption first. Are you seeing traction through bottom-up developer adoption or top-down enterprise sales?
Replies
Golf
bunny.net
@wbbw1Â awesome work, congrats on the launch!
Golf
@marek_nalikowski thanks a lot!
@wbbw1Â congrats!
Sales Research In GCal
Pumped! Congrats on the launch.
AgentX
I’ve seen how much work went into this - super impressive to see Golf live and solving real enterprise gaps. Congrats on the launch @wbbw1 @wbbw1 💪
Prism AI
Love this product. We use it here at Prism everyday
AgentX
Golf.dev is awesome because it finally gives you clear control and visibility over what your AI agents are doing with tools and data. After using it, it just feels like the missing security layer every MCP-based system should have.
Also rooting for your Product Hunt launch - guys, go smash it, this deserves a lot of love. Good luck! 🚀
Prism Videos
Why would I use an MCP server over a CLI?
Magic Patterns
Golf
@alexdanilowicz thanks Alex!
Trufflow
Visibility is so important. People forget things all the time. Having to deal with "orphaned" MCPs that could become the next security risk is definitely not ideal.
Told
The 'control plane' framing is smart — as MCP adoption scales across enterprise teams, the governance layer is often an afterthought until something goes wrong. Centralized audit trails for agentic actions in particular will be a real selling point for compliance-heavy orgs. Curious how you handle policy conflicts when multiple teams have deployed agents with overlapping permissions — is that a manual resolution process or something Golf enforces automatically? Also wondering if the tooling surfaces enough context in the audit trail for non-technical stakeholders (legal, infosec) to actually act on what they're seeing.
Most enterprise infra tools I've tracked struggle with the validation paradox: enterprises want proven scale, but scale requires enterprise adoption first. Are you seeing traction through bottom-up developer adoption or top-down enterprise sales?