# Golf

> Golf is an MCP security and governance platform that discovers, enforces policies on, and audits every AI agent and MCP server connection in your organization.

Golf is an enterprise-grade control plane for AI agent and MCP security, giving security teams full visibility into every AI tool, MCP server, and data connection — including shadow infrastructure they didn't know existed. It operates at the MCP layer rather than the LLM layer, meaning it governs where agents connect to your data without interfering with how engineers work. Golf maps to major compliance frameworks including SOC 2, ISO 27001, NIST AI RMF, and FINRA, and deploys in minutes with sub-millisecond enforcement latency.

- **Shadow AI Discovery** — *Deploy Golf to automatically surface every AI agent, MCP server, and data connection in your environment, including ones set up without IT approval.*
- **Real-Time Policy Enforcement** — *Define granular policies per tool, team, and data source; Golf blocks PII exposure, credential leaks, and unauthorized access in real time with sub-ms latency.*
- **90-Day Audit Trail** — *Every prompt, action, and data access is logged for 90 days and pre-mapped to SOC 2, ISO 27001, NIST AI RMF, and FINRA for evidence export in minutes.*
- **MCP Gateway** — *All agent traffic flows through Golf's MCP Gateway, providing a single enforcement point without requiring changes to LLM configurations or developer workflows.*
- **Identity & SIEM Integration** — *Integrates natively with your IDP via SSO and streams agent activity to your SIEM for unified security operations.*
- **Threat Detection** — *Detects prompt injection attacks, compromised MCP servers, and unauthorized data exfiltration attempts in real time.*
- **Compliance Readiness** — *Pre-mapped controls for FINRA 2026, EU AI Act, SOC 2, and HIPAA allow audit evidence export in minutes rather than days.*
- **Broad Agent Support** — *Works with Cursor, Claude Code, GitHub Copilot, ChatGPT Enterprise, Windsurf, and custom agents — covering 40+ integrations out of the box.*

## Features
- Shadow AI Discovery
- MCP Gateway enforcement
- Real-time policy enforcement
- Sub-millisecond latency
- 90-day audit trail
- SOC 2 / ISO 27001 / NIST AI RMF / FINRA compliance mapping
- Prompt injection detection
- PII exposure blocking
- Credential leak prevention
- SSO / IDP integration
- SIEM streaming
- Evidence export
- Granular per-tool and per-team policies
- Instant rollback

## Integrations
Cursor, Claude Code, GitHub Copilot, ChatGPT Enterprise, Windsurf, Microsoft Sentinel, Splunk, Okta, Azure AD, Custom MCP Servers

## Platforms
WEB, API

## Pricing
Paid

## Links
- Website: https://golf.dev
- Documentation: https://golf.dev
- EveryDev.ai: https://www.everydev.ai/tools/golf-dev