Golf
The enterprise firewall for MCP providers
524 followers
The enterprise firewall for MCP providers
524 followers
Golf Firewall is the security layer for companies exposing MCP servers. It protects your MCP server from serving malicious or sensitive data - blocking prompt injections, PII leaks, and credential exposure before they reach customer agents.
Golf
👋 I'm Wojciech, co-founder of Golf.
Your MCP server can be tricked into serving malicious data. We built the firewall to stop it.
This isn't about bad input or broken requests. Here's the attack: Your MCP server fetches data for an agent - a customer record, a support ticket, anything. But that data contains a poisoned prompt. When your server sends it back, it hijacks your customer's agent. Now you're the vector.
Antoni and I have been building in the MCP space since February. Over the past 10 months, we've worked with startups and Fortune 500s on their MCP strategies and production deployments. Across every implementation, the same pattern emerged: security is the #1 blocker preventing enterprise MCP adoption.
That's why we built Golf.
See demo here:
What Golf Does
Golf Firewall is the first security layer purpose-built for MCP servers. It sits between your data platform and customer agents, inspecting every response in real-time:
✅ Stops prompt injections before they reach agents
✅ Filters PII automatically to maintain compliance
✅ Blocks credential exposure in server responses
✅ Runs on-premises - your data never leaves your infrastructure
It's how you make your MCP server secure, compliant, and enterprise-ready.
For the Product Hunt Community
Golf runs on-premises in your infrastructure. For the PH community, we're offering something better than a demo: a free 30-minute MCP Security Assessment.
Book a slot at https://cal.com/wojciech-blaszak... - we'll:
Audit your current MCP implementation for vulnerabilities
Show you real examples of prompt injection attacks in the wild
Map out your compliance requirements (SOC 2, GDPR, HIPAA)
Give you a security roadmap even if you don't use Golf
Our Ask
As one of the first teams securing this protocol, we'd love your feedback:
- How are you thinking about securing data you serve agents?
- What other "outbound" security risks in agent-to-agent communication worry you?
- For those already shipping MCP servers: what's blocking you from going full production?
We'll be here all day answering questions and talking shop about MCP security.
Thanks for the support!
- Wojciech & Antoni, Golf
@wbbw1 On premises deployment makes sense for enterprise, but what's the latency hit on inspecting every response in real time? That could kill performance for high volume MCP servers.
Product Hunt
You're doing god's work.
Me and some colleagues are trying to understand though -- why "Golf"? Is there some hidden meaning?
Golf
@andrew_g_stewart "your MCP security done in one" ;)) the real thing is, I do drive Volkswagen Golf lol
Cal ID
Congrats on the launch!
How does the firewall differentiate between legitimate and malicious prompts in real time?
Golf
@sanskarix Thanks! We run a fine-tuned LLM that detects prompt-injection and other malicious instruction patterns in real time. Each request is classified instantly and — depending on the score and your policies— we either allow or block it before it leaves the MCP server. We inspect all payloads flowing in and out of the server so that adversarial content never reaches your customers’ agents.
Cal ID
@antoni_gmitruk1 That's a smart approach, all the best for the launch!
Golf
@antoni_gmitruk1 @sanskarix thanks Sanskar!
Stormy
MCP security is obvious issue no one approached yet. Glad Golf tackled it
Golf
@karmedge IT IS! Thanks for your support and upvote!
Golf
@karmedge totally agree!
damn I was recently trying to figure it out with my enterprise client.
dm me guys, I need to try it
Golf
@artur_wala1 exciting! just sent you DM
This looks sick! Are you guys planning to release some benchmarks or public experiments to expose how big of an issue this is?
Golf
@luca_martial Thanks Luca! Yes, we are planning to release case studies soon. We've done quite a few benchmarks and experiments on already released public MCP servers, and there are some interesting results.
Golf
@luca_martial thanks:) we are planning to
Plexe
Excited to try this out!
Golf
@vaibhav_dubey3 nice! curious what MCP are you using?