Runlayer launches from stealth with $11M seed round and eight unicorn customers

A new Model Context Protocol (MCP) security startup, Runlayer, officially launched out of stealth on Monday, backed by $11 million in seed funding from Khosla Ventures’ Keith Rabois and Felicis.

Runlayer is the latest venture from three-time founder Andrew Berman, who previously built the baby-monitor startup Nanit and the AI video conferencing platform Vowel, which was acquired by Zapier in 2024.

In the four months that Runlayer has been quietly operating its product, the company says it has already signed dozens of customers — including eight unicorns and publicly listed companies such as Gusto, dbt Labs, Instacart, and Opendoor. The startup has also brought on David Soria Parra, the lead creator of the MCP standard, as an angel investor and advisor, Berman told TechCrunch. (Parra did not respond to a request for comment.)

MCP was launched by Parra’s team at Anthropic in November 2024 as an open-source protocol. It has since become the industry standard for enabling AI agents to securely connect to the data and systems they need to operate. Through MCP, agents can retrieve information, move or modify data, and execute business processes autonomously — without human intervention.

All major primary AI model providers, including OpenAI, Microsoft, Google, and AWS, now support the protocol. It is backed by thousands of technology and enterprise businesses, such as Atlassian, Asana, Stripe, and Block, as well as global consumer brands.

“Everyone talks about AI,” said Berman, who now serves as Runlayer’s CEO. “But AI is really only as useful as the tools and the resources it has access to.”

The challenge, he explains, is that MCP itself includes minimal built-in security protections. As adoption surged, vulnerabilities began to emerge across various MCP implementations.

In one high-profile example, researchers at Invariant Labs discovered a prompt-injection vulnerability in May that enabled unauthorised access to private GitHub repositories via an MCP server. A separate vulnerability discovered in Asana’s MCP server in June could have exposed customer data. Since then, researchers have identified several more attack vectors across commonly deployed MCP setups.

These weaknesses have triggered a wave of MCP-related security products from major companies such as Cloudflare, Docker, and Wiz, along with a growing ecosystem of startups focused on securing AI agent infrastructure.

The most common solution today is an MCP gateway — a protective layer that validates AI agents and restricts what systems they can access.

Runlayer aims to go far beyond that. Its platform bundles a gateway with a suite of additional enterprise-grade features:

• Threat detection that inspects every MCP request
• Observability tools that track all agent activity across approved MCP servers
• Enterprise automation tools that allow IT teams to build secure agentic workflows
• Granular permissions tied to Okta, Entra, and other identity providers

Much like competing platforms — including the open-source project Obot — Runlayer presents business users with an Okta-style catalogue of pre-approved MCP servers that their internal IT teams have approved. The platform maps agent access to the same permissions that apply to human users, ensuring that read-only, write-access, or restricted systems operate under identical corporate rules.

Berman believes Runlayer’s most significant advantage is not just the breadth of its platform but the depth of experience on its founding team. After Vowel was acquired, he became Zapier’s director of AI and helped build one of the world’s earliest MCP servers, collaborating closely with OpenAI and Anthropic. That experience exposed significant weaknesses in the protocol’s rapid adoption.

“The security risk was obvious because it was adopted so quickly,” Berman said. He pointed to gaps in areas such as logging, observability, and auditing — all of which are crucial for enterprise deployments.

By August, Berman and his co-founders — former Zapier colleagues Tal Peretz and Vitor Balocco — left their roles to start Runlayer. They soon secured Parra’s support and quickly closed several major customers in just four months.

Runlayer’s advisory network also includes notable names: Cursor’s head of security, Travis McPeak, and Neon founder Nikita Shamgunov.