Security Gateway for Enterprise MCP Servers

Golf provides security infrastructure purpose-built for MCP (Model Context Protocol) servers—an emerging layer in AI application stacks that allows agents to interact with tools, APIs, and back-end systems. Traditional firewalls and API gateways cannot interpret MCP semantics, leaving organizations blind to protocol-specific risks such as prompt injection, token hijacking, and abusive agent behavior. Golf addresses this gap with a protocol-aware firewall that validates tokens against MCP specifications, enforces strict resource-indicator rules, performs schema-compliant request inspection, and blocks malicious or malformed agent traffic before it reaches production systems. The platform layers in rate limiting, RBAC-driven access controls, and CORS/security-header enforcement to bring hardened, centralized policy management to AI-native server deployments.

GolfMCP also adds full observability to environments where AI agents generate large volumes of dynamic, interdependent requests. Its dashboard exposes complete data-flow tracing, audit trails, error logging via OpenTelemetry, and real-time visibility into security events across MCP endpoints. Each file or function becomes a routed, authenticated, schema-checked endpoint without requiring decorators or manual schema wiring, making it accessible to development teams building their first agent integrations. Together, these capabilities position Golf as one of the first companies focused specifically on operational and security protection for MCP-based systems.

Golf is reportedly backed by ElevenLabs and Y Combinator.