MCP AI agent security startup Runlayer launches with 8 unicorns, $11M from Khosla’s Keith Rabois and Felicis



On Monday, a new Model Context Protocol security startup called Runlayer launched out of stealth with $11 million in seed funding from Khosla Ventures’ Keith Rabois and Felicis. 

It was created by third-time founder Andrew Berman (previous companies: baby-monitor maker Nanit and an AI video conferencing tool, Vowel, that sold to Zapier in 2024).

In the four months since Runlayer launched its product in stealth, it has signed dozens of customers, including eight unicorns or public companies like Gusto, Rippling, dbt Labs, Instacart, Opendoor, and Ramp, it says. It also nabbed David Soria Parra, the lead creator of MCP, as an angel and advisor, Berman tells TechCrunch. (Parra did not respond to our request for comment.) 

Parra’s team at Anthropic launched the protocol in November 2024 as an open source project. MCP has since become the de facto standard for allowing AI agents to connect with the data and systems they need to work independently. It allows agents to access data, move it, alter it, and execute business processes without human oversight. 

The protocol is now supported by every major model maker, including OpenAI, Microsoft, AWS and Google, as well as thousands of tech and enterprise companies. To name just a few: Atlassian, Asana, Stripe, Block and others ranging from banks to consumer goods manufacturers.

“Everyone talks about AI,” Berman, Runlayer’s CEO, told TechCrunch, “but AI is really only as useful as the tools and the resources it has access to.”

The problem is that MCP itself doesn’t include much security out of the box, so many MCP implementations have already been found to be vulnerable in a variety of ways.


The poster children are probably GitHub and Asana. In May, researchers at Invariant Labs discovered a prompt injection vulnerability in MCP servers that allowed them to grab data from private GitHub repositories (ones that shouldn’t have been accessible to the public). Asana discovered and fixed a vulnerability in its MCP server in June that could have exposed customer data. There have since been many more types of attacks found to work on common MCP server setups.

As you might expect, such security issues have given rise to numerous MCP security products, including products from big-name companies like Cloudflare, Docker and Wiz, as well as a host of startups tackling more specific products.

The most common type of MCP security product these days is a gateway, essentially a security layer for identifying the agents and controlling their access to apps. 

Runlayer plans to stand out in this crowded market by being an all-in-one security tool that combines a gateway with features like threat detection that analyzes every MCP request; observability that watches all agentic activity across all MCP servers that IT has permitted; enterprise development where IT can build custom AI automations for enterprise users; and detailed permissions that work with existing identity providers like Okta and Entra.

As with competitors such as the open source Obot, Runlayer’s business users are presented with an Okta-like catalog of the pre-vetted MCP servers that their IT will allow agents to access. Runlayer matches the agents’ app permissions to the human users’ permissions. For instance, some people might have read-only access to financial systems, while some have write access (the ability to change the data). Others have no access at all.

Berman believes Runlayer stands out from the crowd, not just with the breadth of the product, but because of the team’s experience. He founded the startup because, after selling Vowel to Zapier, he became the director of Zapier’s AI, and built one of the first MCP servers, working closely at the time with OpenAI and Anthropic, he said.  

“What are the problems that we saw with the protocol? One, it was the security risk because it was adopted so quickly,” he said. There were “blind spots” in areas like observability and audits that make it risky for enterprises to roll out to users.

So in August, “we left our jobs. We signed up David Soria Parra, the creator of the spec, and in four months, we’ve signed up eight unicorns,” he said of himself and his co-founders from Zapier, Tal Peretz and Vitor Balocco.

Other advisors and investors in the company, Berman says, include Travis McPeak, head of security at Cursor, and Nikita Shamgunov, founder of Neon.



