Golf

Enterprise MCP Control Plane

662 followers

Enterprise MCP Control Plane

662 followers

Visit website

Safety and Privacy platforms

•

Security software

Golf is the enterprise control plane for MCP. It gives security and IT teams full visibility into how AI connects to enterprise systems — with policy enforcement, real-time threat blocking, and a complete audit trail. Discover, enforce, audit. End-to-end.

This is the 2nd launch from Golf. View more

Golf

Launching today

Enterprise MCP Control Plane

Govern and secure AI agents and MCP servers with centralized visibility, policy control, and audit trails. Security, compliance, and control for the agentic era.

Payment Required

Launch tags:Artificial Intelligence•Security

Launch Team / Built With

Wispr Flow: Dictation That Works Everywhere — Stop typing. Start speaking. 4x faster.

Stop typing. Start speaking. 4x faster.

Promoted

Golf

Maker

📌

👋 I'm Wojciech, co-founder of Golf. Antoni and I have been building MCP infrastructure since the earliest days of the protocol. Over the past year, we've worked with enterprises using MCP at scale - and the same gap kept showing up: there are vertical solutions, but there's no end-to-end platform for governing how AI connects to enterprise systems. That's what Golf is. We're backed by Y Combinator and already in production at multi-thousand-employee organizations. Here's the problem we kept seeing: If you're a platform or IT team trying to enable AI tools across your org, you're stuck. You maintain a Notion allow list. Every new MCP server goes through a manual security review. And if a server has one risky tool - say a write action to production - you block the entire server. Your engineers lose access to everything, even the safe parts. That's not governance. That's a bottleneck. Meanwhile, engineers don't wait. At one company, we found 150 MCP servers running across the org. 50 of them had the ability to perform destructive actions on production systems. Nobody on the security or platform team knew they existed. What Golf does: Golf is the control plane that lets you enable your entire engineering org - without losing control. → Discover - find every MCP server and AI connection across your org. See what's running, who's using it, what data it touches. Assess and remediate the risk. → Enforce - control what every agent can do at the tool level. Allow read, block write, require approval. Block prompt injections, PII leaks, and credential exposure in real-time. All tied to real identities through your IDP. → Audit - full trail of every agent action. When compliance asks what AI touched customer data - you have the answer. For the PH community: We open-sourced our MCP inventory scanner. You can run it today, find every MCP server in your environment, and assess risk - no Golf account needed. → Try the scanner: [link] When you're ready for the full platform - enforcement, tool-level policies, audit trails - talk to us at https://golf.dev. Our ask: We'd love to hear from you: How are you managing MCP adoption across your teams today? What's blocking you from enabling AI tools org-wide? We'll be here all day. Let's talk. - Wojciech & Antoni

Report

8d ago

bunny.net

@wbbw1 awesome work, congrats on the launch!

Report

6h ago

Golf

Maker

@marek_nalikowski thanks a lot!

Report

5h ago

The "no end-to-end governance layer" observation is exactly right — most enterprise MCP security today is point solutions bolted on. The question that gets interesting at scale: how does Golf handle agent identity in multi-agent chains? If an orchestrator spawns five sub-agents that each call MCP tools, does the audit trail attribute actions to the orchestrator, each sub-agent individually, or the human session that triggered the chain? That attribution layer seems like the hardest part to get right — and the one that makes the difference between a compliance checkbox and a tool a SOC team actually trusts.

Report

9h ago

Golf

Maker

@giammbo Great question! Golf governs employees connecting your internal systems to third-party AI tools via MCP. Think an engineer using Cursor or Claude Desktop hitting your internal Notion, GitHub, or production database through MCP. In that case, you don't control anything - neither the agent, nor the tools your employees are connecting to them.

In that model, attribution is actually clean: every MCP tool call is tied to a real employee identity through your IDP. The audit trail shows you which person, using which agent, called which tool, on which system — with the full request and response. When compliance asks, "who let Claude touch customer data last Tuesday?" - you have a name, a timestamp, and the exact action.

Report

9h ago

@antoni_gmitruk1 That makes attribution much cleaner in the single-user case. The edge I keep thinking about: as Cursor and Claude Desktop get more agentic, an engineer might kick off a task and step away while the agent runs 30 tool calls autonomously. Same IDP identity — but very different oversight level. Does Golf capture anything at the session level that flags autonomous execution vs direct user-initiated calls?

Report

2h ago

Hey Wojciech, that story about finding 150 MCP servers running across an org with 50 of them able to hit production, and nobody on security knowing, is wild. Was that a specific company where you discovered that and everyone’s face just dropped?

Report

9h ago

Golf

Maker

@vouchy Yeah, honestly, not sure who was more surprised, us or them. The scanner doesn't lie though 😅

Report

9h ago