Golf Firewall is the security layer for companies exposing MCP servers. It protects your MCP server from serving malicious or sensitive data - blocking prompt injections, PII leaks, and credential exposure before they reach customer agents.
👋 I'm Wojciech, co-founder of Golf. Your MCP server can be tricked into serving malicious data. We built the firewall to stop it.
This isn't about bad input or broken requests. Here's the attack: Your MCP server fetches data for an agent - a customer record, a support ticket, anything. But that data contains a poisoned prompt. When your server sends it back, it hijacks your customer's agent. Now you're the vector.
Antoni and I have been building in the MCP space since February. Over the past 10 months, we've worked with startups and Fortune 500s on their MCP strategies and production deployments. Across every implementation, the same pattern emerged: security is the #1 blocker preventing enterprise MCP adoption.
What Golf Does Golf Firewall is the first security layer purpose-built for MCP servers. It sits between your data platform and customer agents, inspecting every response in real-time:
✅ Stops prompt injections before they reach agents ✅ Filters PII automatically to maintain compliance ✅ Blocks credential exposure in server responses ✅ Runs on-premises - your data never leaves your infrastructure
It's how you make your MCP server secure, compliant, and enterprise-ready.
For the Product Hunt Community Golf runs on-premises in your infrastructure. For the PH community, we're offering something better than a demo: a free 30-minute MCP Security Assessment.
Audit your current MCP implementation for vulnerabilities Show you real examples of prompt injection attacks in the wild Map out your compliance requirements (SOC 2, GDPR, HIPAA) Give you a security roadmap even if you don't use Golf
Our Ask As one of the first teams securing this protocol, we'd love your feedback: - How are you thinking about securing data you serve agents? - What other "outbound" security risks in agent-to-agent communication worry you? - For those already shipping MCP servers: what's blocking you from going full production?
We'll be here all day answering questions and talking shop about MCP security.
👋 I'm Wojciech, co-founder of Golf.
Your MCP server can be tricked into serving malicious data. We built the firewall to stop it.
This isn't about bad input or broken requests. Here's the attack: Your MCP server fetches data for an agent - a customer record, a support ticket, anything. But that data contains a poisoned prompt. When your server sends it back, it hijacks your customer's agent. Now you're the vector.
Antoni and I have been building in the MCP space since February. Over the past 10 months, we've worked with startups and Fortune 500s on their MCP strategies and production deployments. Across every implementation, the same pattern emerged: security is the #1 blocker preventing enterprise MCP adoption.
That's why we built Golf.
See demo here: https://www.youtube.com/watch?v=W_J5atG-mww
What Golf Does
Golf Firewall is the first security layer purpose-built for MCP servers. It sits between your data platform and customer agents, inspecting every response in real-time:
✅ Stops prompt injections before they reach agents
✅ Filters PII automatically to maintain compliance
✅ Blocks credential exposure in server responses
✅ Runs on-premises - your data never leaves your infrastructure
It's how you make your MCP server secure, compliant, and enterprise-ready.
For the Product Hunt Community
Golf runs on-premises in your infrastructure. For the PH community, we're offering something better than a demo: a free 30-minute MCP Security Assessment.
Book a slot at https://cal.com/wojciech-blaszak... - we'll:
Audit your current MCP implementation for vulnerabilities
Show you real examples of prompt injection attacks in the wild
Map out your compliance requirements (SOC 2, GDPR, HIPAA)
Give you a security roadmap even if you don't use Golf
Our Ask
As one of the first teams securing this protocol, we'd love your feedback:
- How are you thinking about securing data you serve agents?
- What other "outbound" security risks in agent-to-agent communication worry you?
- For those already shipping MCP servers: what's blocking you from going full production?
We'll be here all day answering questions and talking shop about MCP security.
Thanks for the support!
- Wojciech & Antoni, Golf