Runlayer Secures $11M from Khosla, Felicis to Launch MCP AI Security

Summary
– Runlayer launched from stealth with $11M seed funding from Khosla Ventures and was founded by Andrew Berman, a third-time entrepreneur.
– The startup has already signed dozens of customers, including eight unicorns or public companies like Gusto and Instacart, within four months.
– Runlayer addresses security vulnerabilities in the Model Context Protocol (MCP), an open-source standard for AI agents to access data and systems independently.
– The company differentiates itself with an all-in-one security tool combining a gateway, threat detection, observability, and enterprise development features.
– Key team members include MCP creator David Soria Parra as an advisor and co-founders from Zapier, leveraging their experience with early MCP server development.
A new player in the artificial intelligence security arena, Runlayer, has officially launched with a substantial $11 million seed investment from Khosla Ventures and Felicis. Spearheaded by seasoned entrepreneur Andrew Berman, whose previous ventures include the baby-monitor company Nanit and the AI video conferencing tool Vowel, the startup focuses on securing the increasingly popular Model Context Protocol (MCP). The protocol is now supported by every major model maker, including OpenAI, Microsoft, AWS, and Google, as well as thousands of tech and enterprise companies. Since its quiet product debut four months ago, Runlayer has already onboarded dozens of clients, including eight unicorn or public companies such as Gusto, Rippling, dbt Labs, Instacart, Opendoor, and Ramp.
The Model Context Protocol, an open-source project launched by a team at Anthropic in late 2024, has rapidly become the foundational standard for enabling AI agents to connect with external data sources and business systems. It allows these autonomous agents to retrieve information, manipulate data, and execute complex processes without requiring constant human supervision. However, this powerful capability comes with a significant catch. The MCP protocol itself doesn’t include much security out of the box, so many MCP implementations have already been found to be vulnerable in a variety of ways.
This security gap has already led to real-world incidents. Researchers uncovered a prompt injection vulnerability that compromised private GitHub repositories, while Asana identified and patched a flaw in its own MCP server that risked exposing sensitive customer information. These events are just a sample of the many attack vectors discovered targeting common MCP server configurations. As Berman notes, “Everyone talks about AI, but AI is really only as useful as the tools and the resources it has access to.” The inherent lack of security in the protocol’s initial design has created a pressing need for specialized security solutions.
In response, a competitive market for MCP security products has emerged, featuring offerings from established firms like Cloudflare, Docker, and Wiz, alongside a wave of startups. The most prevalent solution type is the gateway, which acts as a security layer to authenticate AI agents and manage their permissions for accessing various applications. Runlayer aims to differentiate itself in this crowded field by providing a comprehensive, all-in-one security platform. Its offering combines a gateway with advanced threat detection that scrutinizes every MCP request, full observability to monitor all agent activity across permitted servers, enterprise development tools for building custom AI automations, and granular permissions that integrate with existing identity providers like Okta and Entra.
Similar to competitors such as the open-source project Obot, Runlayer provides business users with a catalog of pre-vetted MCP servers that their IT departments have approved for agent access. A key feature is its ability to align an AI agent’s application permissions with the access rights of the human user it represents. This means if an employee only has read-only access to a financial system, the AI agent operating on their behalf is similarly restricted, preventing unauthorized data modification.
Berman believes Runlayer’s competitive edge lies not only in its product’s breadth but also in the team’s direct experience with the protocol’s challenges. After selling Vowel to Zapier, he became the director of Zapier’s AI division and was involved in building one of the very first MCP servers, collaborating closely with OpenAI and Anthropic. He identified the “blind spots” in areas like observability and audits that made enterprise-wide deployment of MCP a risky proposition. “What are the problems that we saw with the protocol? One, it was the security risk because it was adopted so quickly,” he explained.
This firsthand insight prompted Berman and his co-founders from Zapier, Tal Peretz and Vitor Balocco, to leave their jobs and launch Runlayer in August. A significant coup for the young company was enlisting David Soria Parra, the lead creator of MCP, as an angel and advisor. The startup has also attracted other notable advisors and investors, including Travis McPeak, head of security at Cursor, and Nikita Shamgunov, founder of Neon. With a strong founding team, notable backers, and a rapidly growing client list, Runlayer is positioning itself as a critical security layer for the burgeoning world of autonomous AI agents.
(Source: TechCrunch)