Runlayer Launches With $11M To Secure the Fast-Growing MCP Ecosystem

Runlayer debuts with $11M to solve the MCP protocol’s biggest weakness: security.

Emmanuella Madu

A new security startup called Runlayer emerged from stealth on Monday with $11 million in seed funding from Khosla Ventures’ Keith Rabois and Felicis, aiming to secure the rapidly expanding Model Context Protocol (MCP) ecosystem.

Runlayer was founded by Andrew Berman, a three-time founder whose previous companies include baby-monitor company Nanit and AI video-conferencing startup Vowel, which sold to Zapier in 2024.

In just four months of operating in stealth, Runlayer says it has signed dozens of customers, including eight unicorns and public companies such as Gusto, dbt Labs, Instacart, and Opendoor. The company also recruited David Soria Parra, the lead creator of MCP, as an angel and advisor, Berman told TechCrunch.

MCP, introduced by Parra’s team at Anthropic in November 2024, has since become the industry standard for enabling AI agents to securely access data, execute tasks, automate workflows, and connect to enterprise systems. Today, MCP is supported by every major model developer (OpenAI, Google, Microsoft, AWS), as well as thousands of companies, including Asana, Stripe, Block, Atlassian, and large enterprises across finance, manufacturing, and consumer goods.

But MCP’s explosive adoption created an urgent challenge: the protocol includes very little built-in security.

This gap has already caused real security incidents. In May, researchers at Invariant Labs found a prompt-injection flaw in MCP servers that allowed unauthorized access to private GitHub repositories. In June, Asana patched a vulnerability in its MCP server that could have exposed customer data. Several more attack vectors have since been identified in common MCP setups.

These issues opened the door for a wave of MCP-security products from major players like Cloudflare, Docker, and Wiz, as well as a crop of early-stage startups. Most competitors focus on the same thing: MCP gateways, which are access-control layers for identifying agents and controlling what systems they can reach.

Runlayer aims to differentiate by offering an all-in-one platform that combines a gateway with a full suite of enterprise-grade security capabilities:

  • Threat detection that inspects every MCP request
  • Observability that tracks all agent activity across all approved MCP servers
  • Enterprise development tools for building AI automations
  • Granular permissions integrated with corporate identity providers like Okta and Entra

Business users see an Okta-style dashboard of MCP servers pre-approved by IT. Runlayer then aligns each AI agent’s access level with the human user’s permissions, whether read-only, write, or none at all.

Berman says Runlayer’s advantage comes not just from features, but from experience. After selling Vowel, he became director of AI at Zapier and helped build one of the first MCP servers, collaborating closely with OpenAI and Anthropic. Those early lessons revealed security “blind spots” in observability, audit trails, and risk controls, gaps that enterprises could not ignore.

“So in August, we left our jobs,” Berman said. “We signed up David Soria Parra, the creator of the spec, and in four months, we’ve signed eight unicorns.”

Runlayer’s additional advisors include Travis McPeak, head of security at Cursor, and Nikita Shamgunov, founder of Neon.

With MCP adoption accelerating across industries, Runlayer is positioning itself as the security backbone for a protocol that’s quickly becoming foundational to enterprise AI.
