Govern and secure AI agents and MCP servers with centralized visibility, policy control, and audit trails. Security, compliance, and control for the agentic era.
👋 I'm Wojciech, co-founder of Golf. Antoni and I have been building MCP infrastructure since the earliest days of the protocol. Over the past year, we've worked with enterprises using MCP at scale - and the same gap kept showing up: there are vertical solutions, but there's no end-to-end platform for governing how AI connects to enterprise systems.
That's what Golf is. We're backed by Y Combinator and already in production at multi-thousand-employee organizations.
Here's the problem we kept seeing:
If you're a platform or IT team trying to enable AI tools across your org, you're stuck. You maintain a Notion allow list. Every new MCP server goes through a manual security review. And if a server has one risky tool - say a write action to production - you block the entire server. Your engineers lose access to everything, even the safe parts.
That's not governance. That's a bottleneck.
Meanwhile, engineers don't wait. At one company, we found 150 MCP servers running across the org. 50 of them had the ability to perform destructive actions on production systems. Nobody on the security or platform team knew they existed.
What Golf does:
Golf is the control plane that lets you enable your entire engineering org - without losing control.
→ Discover - find every MCP server and AI connection across your org. See what's running, who's using it, what data it touches. Assess and remediate the risk.
→ Enforce - control what every agent can do at the tool level. Allow read, block write, require approval. Block prompt injections, PII leaks, and credential exposure in real-time. All tied to real identities through your IDP.
→ Audit - full trail of every agent action. When compliance asks what AI touched customer data - you have the answer.
For the PH community:
We open-sourced our MCP inventory scanner. You can run it today, find every MCP server in your environment, and assess risk - no Golf account needed.
→ Try the scanner: [link]
When you're ready for the full platform - enforcement, tool-level policies, audit trails - talk to us at https://golf.dev.
Our ask:
We'd love to hear from you:
How are you managing MCP adoption across your teams today?
What's blocking you from enabling AI tools org-wide?
We'll be here all day. Let's talk.
- Wojciech & Antoni
The 'control plane' framing is smart — as MCP adoption scales across enterprise teams, the governance layer is often an afterthought until something goes wrong. Centralized audit trails for agentic actions in particular will be a real selling point for compliance-heavy orgs. Curious how you handle policy conflicts when multiple teams have deployed agents with overlapping permissions — is that a manual resolution process or something Golf enforces automatically? Also wondering if the tooling surfaces enough context in the audit trail for non-technical stakeholders (legal, infosec) to actually act on what they're seeing.
Visibility is so important. People forget things all the time. Having to deal with "orphaned" MCPs that could become the next security risk is definitely not ideal.
Golf.dev is awesome because it finally gives you clear control and visibility over what your AI agents are doing with tools and data. After using it, it just feels like the missing security layer every MCP-based system should have.
Also rooting for your Product Hunt launch - guys, go smash it, this deserves a lot of love. Good luck! 🚀
I’ve seen how much work went into this - super impressive to see Golf live and solving real enterprise gaps. Congrats on the launch @wbbw1@wbbw1 💪
Congrats on the launch@wbbw1! What's the story behind the "Golf" name?
Hey Wojciech, that story about finding 150 MCP servers running across an org with 50 of them able to hit production, and nobody on security knowing, is wild. Was that a specific company where you discovered that and everyone’s face just dropped?
The "no end-to-end governance layer" observation is exactly right — most enterprise MCP security today is point solutions bolted on. The question that gets interesting at scale: how does Golf handle agent identity in multi-agent chains? If an orchestrator spawns five sub-agents that each call MCP tools, does the audit trail attribute actions to the orchestrator, each sub-agent individually, or the human session that triggered the chain? That attribution layer seems like the hardest part to get right — and the one that makes the difference between a compliance checkbox and a tool a SOC team actually trusts.
About Golf on Product Hunt
“Enterprise MCP Control Plane”
Golf launched on Product Hunt on March 5th, 2026 and earned 216 upvotes and 15 comments, placing #5 on the daily leaderboard. Govern and secure AI agents and MCP servers with centralized visibility, policy control, and audit trails. Security, compliance, and control for the agentic era.
Golf was featured in Artificial Intelligence (466.2k followers) and Security (2.5k followers) on Product Hunt. Together, these topics include over 90.8k products, making this a competitive space to launch in.
Who hunted Golf?
Golf was hunted by Garry Tan. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
Want to see how Golf stacked up against nearby launches in real time? Check out the live launch dashboard for upvote speed charts, proximity comparisons, and more analytics.
Garry Tan