On Monday, a new Model Context Protocol security startup called Runlayer launched out of stealth with eleven million dollars in seed funding from Khosla Ventures’ Keith Rabois and Felicis. It was created by third-time founder Andrew Berman, whose previous companies include baby-monitor maker Nanit and an AI video conferencing tool called Vowel, which sold to Zapier in 2024.
In the four months since Runlayer launched its product in stealth, it has signed dozens of customers, including eight unicorns or public companies such as Gusto, dbt Labs, Instacart, and Opendoor. The company also secured David Soria Parra, the lead creator of the Model Context Protocol, as an angel investor and advisor. Parra’s team at Anthropic launched the protocol in November 2024 as an open source project.
The Model Context Protocol has since become the de facto standard for allowing AI agents to connect with the data and systems they need to work independently. It enables agents to access data, move it, alter it, and execute business processes without human oversight. The protocol is now supported by every major model maker, including OpenAI, Microsoft, AWS, and Google, as well as thousands of tech and enterprise companies such as Atlassian, Asana, Stripe, and Block, ranging from banks to consumer goods manufacturers.
Andrew Berman, Runlayer’s CEO, stated that while everyone talks about AI, it is only as useful as the tools and resources it can access. The problem is that the MCP protocol itself does not include much built-in security, so many implementations have already been found vulnerable in a variety of ways.
Notable examples include GitHub and Asana. In May, researchers discovered a prompt injection vulnerability in MCP servers that allowed access to data from private GitHub repositories. In June, Asana discovered and fixed a vulnerability in its MCP server that could have exposed customer data. Many more types of attacks have since been found to work on common MCP server setups.
These security issues have given rise to numerous MCP security products from big-name companies like Cloudflare, Docker, and Wiz, as well as a host of startups tackling more specific issues. The most common type of MCP security product is a gateway, which acts as a security layer for identifying agents and controlling their access to applications.
Runlayer plans to stand out in this crowded market by being an all-in-one security tool. It combines a gateway with features like threat detection that analyzes every MCP request, observability that monitors all agent activity across permitted MCP servers, enterprise development tools for building custom AI automations, and detailed permissions that integrate with existing identity providers like Okta and Entra.
Like other competitors, such as the open source Obot, Runlayer presents business users with a catalog of pre-vetted MCP servers that their IT departments allow agents to access. Runlayer matches the agents’ application permissions to the human users’ permissions, ensuring appropriate access levels, from read-only to write access or no access at all.
Berman believes Runlayer stands out not only due to its product breadth but also because of the team’s experience. After selling Vowel to Zapier, he became the director of Zapier’s AI and built one of the first MCP servers, working closely with OpenAI and Anthropic. He identified security risks and blind spots in areas like observability and audits that make it risky for enterprises to roll out the technology.
In August, Berman and his co-founders from Zapier, Tal Peretz and Vitor Balocco, left their jobs to focus on Runlayer. They signed up David Soria Parra, the creator of the MCP specification, and in four months have signed up eight unicorn companies as customers. Other advisors and investors in the company include the head of security at Cursor, Travis McPeak, and the founder of Neon, Nikita Shamgunov.