BotBeat
...
← Back

> ▌

TraceforceTraceforce
PRODUCT LAUNCHTraceforce2026-07-16

Traceforce Launches AI Security Platform to Monitor and Control Enterprise AI Usage

Key Takeaways

  • ▸Traceforce monitors all AI applications and their MCP connections on company devices, discovering an average of 15 AI apps per device with 5-10 MCP integrations each
  • ▸Already deployed across 1,000+ devices at 10 organizations with real-time monitoring and preventive security controls
  • ▸Includes open-source MCP pentesting tool to detect vulnerable integrations, exposed secrets, and risky API patterns
Source:
Hacker Newshttps://news.ycombinator.com/item?id=48937020↗

Summary

Traceforce, a Y Combinator S26 startup founded by Xia Hua and Varun, has launched a comprehensive platform for monitoring and securing AI applications across enterprise devices. The solution provides visibility and control over AI apps like ChatGPT and Claude, while tracking their connections to external services via Model Context Protocol (MCP) integrations. The platform consists of a lightweight device binary and browser extension that discovers all AI applications running on company devices and their data connections within 30 minutes of deployment.

The platform addresses a critical blind spot in enterprise security: the rapid adoption of AI tools often outpaces security teams' ability to monitor and control them. Traceforce enables security teams to monitor AI agent activities in real-time, implement preventive controls, and detect security risks without slowing developer productivity. The company has already deployed its solution across more than 1,000 devices at 10 organizations, discovering an average of 15 AI applications per device with each connected to 5-10 MCPs.

Beyond monitoring, Traceforce provides preventive security capabilities including detection of exposed plaintext secrets in MCP configurations, prevention of API key leaks through AI-generated code, and warnings before execution of potentially destructive commands. The company has also released an open-source MCP pentesting tool (mcp-xray) to help organizations identify vulnerable integrations. Traceforce is targeting mid-market enterprises (200+ employees) rapidly adopting AI coding assistants.

  • Emphasizes 'warn and acknowledge' approach that maintains developer productivity while preventing security incidents

Editorial Opinion

Traceforce addresses a critical blind spot in enterprise security precisely when it matters most—as AI adoption accelerates, the visibility gap between employee AI tool usage and security team oversight has become a genuine liability. The founders' 'warn and acknowledge' philosophy strikes an important balance: rather than imposing restrictive controls that would create shadow IT around AI tools, the platform empowers developers to make informed decisions while security teams maintain oversight. With 1,000+ deployed devices already generating real security incidents, Traceforce's early traction suggests strong product-market fit, though scaling adoption while maintaining trust with developers and managing privacy concerns will remain critical challenges.

AI AgentsMLOps & InfrastructureCybersecurityStartups & Funding

Comments

Suggested

VisaVisa
OPEN SOURCE

Visa Open-Sources VVAH: AI-Powered Agentic Harness for Vulnerability Discovery and Remediation

2026-07-16
AnthropicAnthropic
RESEARCH

Bun's 11-Day Rust Migration Shows Anthropic's Fable AI Reshaping Software Rewrites

2026-07-16
AnthropicAnthropic
UPDATE

Anthropic Brings Inline Diffs to Claude Code, Matching Cursor's Key Feature

2026-07-16
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us