Golf

Golf is a security platform focused on governing AI agents and Model Context Protocol (MCP) connections within enterprise environments. The platform addresses security risks introduced by AI coding tools and agents — such as Cursor, GitHub Copilot, Claude Code, ChatGPT Enterprise, and Windsurf — that connect to organizational data sources without oversight from security teams. The platform is organized around three core capabilities: - Discovery: Identifies every AI agent, MCP server, and data connection active in an organization's environment, including unauthorized or unknown ("shadow") integrations. It monitors tool usage, data access, and actions taken. - Enforcement: Routes all MCP traffic through a centralized gateway where granular policies can be applied per tool, team, and data source. It blocks unauthorized access, PII exposure, and credential leaks in real time with sub-millisecond latency. Policies include IAM-based controls with instant rollback. - Audit: Maintains a 90-day trail of all agent prompts, actions, and data access events. Audit logs are pre-mapped to compliance frameworks including SOC 2, ISO 27001, NIST AI RMF, and FINRA, with evidence export functionality. Golf integrates natively with enterprise SIEM and observability tools, as well as identity providers via SSO. Deployment is endpoint-based and described as requiring minimal setup time. The platform targets enterprise organizations where AI developer tools are in active use and where security teams lack visibility into what those tools access or modify.