mcp ai agent security startup runlayer launches with 8 unicorns, $11m from khosla’s keith rabois and felicis

Runlayer Emerges with $11 Million Seed Funding to Secure AI Agent Interactions

A new security startup focused on the Model Context Protocol (MCP), named Runlayer, officially launched on Monday after operating in stealth mode. The company secured $11 million in seed funding led by Keith Rabois of Khosla Ventures and Felicis.

Founding and Early Traction

Runlayer was established by Andrew Berman, a serial entrepreneur with prior experience at Nanit, a baby-monitor company, and Vowel, an AI-powered video conferencing platform acquired by Zapier in 2024.

Within the initial four months of its product’s limited release, Runlayer has successfully onboarded a significant number of clients. These include prominent organizations such as Gusto, dbt Labs, Instacart, and Opendoor – eight unicorn or publicly traded companies in total.

Notably, David Soria Parra, the original creator of the MCP, has joined Runlayer as an angel investor and advisor. (Attempts to obtain a comment from Parra were unsuccessful.)

The Rise of MCP and its Security Challenges

The MCP protocol was initially released as an open-source project by Anthropic in November 2024. It has rapidly become the standard for enabling AI agents to connect with the data and systems required for autonomous operation.

This protocol empowers agents to access, manipulate, and utilize data, as well as execute business processes, without requiring constant human intervention.

Support for the protocol is now widespread, encompassing major AI model developers like OpenAI, Microsoft, AWS, and Google. Thousands of technology and enterprise companies, including Atlassian, Asana, Stripe, and Block, are also utilizing MCP.

Addressing the Security Gap in AI Access

According to Runlayer’s CEO, Andrew Berman, “AI’s utility is fundamentally tied to the tools and resources it can access.”

However, the core MCP protocol lacks robust built-in security features. Consequently, numerous implementations have demonstrated vulnerabilities.

High-Profile Vulnerabilities Highlight the Need for Security

GitHub and Asana serve as prominent examples. Researchers at Invariant Labs identified a prompt injection flaw in MCP servers in May, allowing unauthorized access to private GitHub repositories. Asana subsequently resolved a vulnerability in June that could have compromised customer data. Further attacks targeting common MCP server configurations have been discovered since.

These security concerns have spurred the development of various MCP security solutions, offered by established companies like Cloudflare, Docker, and Wiz, as well as a growing number of startups.

Runlayer’s Comprehensive Security Approach

The prevailing approach to MCP security currently centers around gateways – security layers that authenticate agents and regulate their application access.

Runlayer aims to differentiate itself by providing a comprehensive, all-in-one security platform. This includes a gateway, coupled with threat detection that analyzes every MCP request, observability features to monitor agent activity, enterprise development tools for custom AI automations, and granular permissions integrated with identity providers like Okta and Entra.

Similar to platforms like open-source Obot, Runlayer presents business users with a catalog of pre-approved MCP servers authorized by IT. Agent permissions are aligned with those of human users, ensuring consistent access control – ranging from read-only access to full modification rights, or no access at all.

Leveraging Expertise and Early Success

Berman asserts that Runlayer’s strength lies not only in its product’s breadth but also in the team’s experience. Following the sale of Vowel to Zapier, he led AI initiatives at Zapier and played a key role in building one of the first MCP servers, collaborating closely with OpenAI and Anthropic.

“We quickly identified security risks due to the protocol’s rapid adoption,” Berman explained. “There were also significant gaps in observability and auditing, posing risks for enterprise deployments.”

In August, the founding team – Berman, Tal Peretz, and Vitor Balocco – left their positions to focus on Runlayer, securing the involvement of David Soria Parra and rapidly acquiring eight unicorn clients within four months.

Advisors and Investors

Runlayer’s advisory board and investor network include Travis McPeak, Head of Security at Cursor, and Nikita Shamgunov, founder of Neon.