On Monday, a new Model Context Protocol security startup called Runlayer launched out of stealth with $11 million in seed funding from Khosla Ventures’ Keith Rabois and Felicis.
It was created by third-time founder Andrew Berman (previous companies: baby-monitor maker Nanit and an AI video conferencing tool, Vowel, that sold to Zapier in 2024).
In the four months since Runlayer launched its product in stealth, it has signed dozens of customers, including eight unicorns or public companies like Gusto, Rippling, dbt Labs, Instacart, Opendoor, and Ramp, it says. It also nabbed David Soria Parra, the lead creator of MCP, as an angel and advisor, Berman tells TechCrunch. (Parra did not respond to our request for comment.)
Parra’s team at Anthropic launched the protocol in November 2024 as an open source project. MCP has since become the de facto standard for allowing AI agents to connect with the data and systems they need to work independently. It allows agents to access data, move it, alter it, and execute business processes without human oversight.
The protocol is now supported by every major model maker, including OpenAI, Microsoft, AWS, and Google, as well as thousands of tech and enterprise companies. To name just a few: Atlassian, Asana, Stripe, Block, and others ranging from banks to consumer goods manufacturers.
“Everyone talks about AI,” Berman, Runlayer’s CEO, told TechCrunch, “but AI is really only as useful as the tools and the resources it has access to.”
The problem is, the MCP protocol itself doesn’t include much security out of the box, so many MCP implementations have already been found to be vulnerable in a variety of ways.
The poster children are probably GitHub and Asana. In May, researchers at Invariant Labs discovered a prompt injection vulnerability in MCP servers that allowed them to grab data from private GitHub repositories (ones that shouldn’t have been accessible to the public). Asana discovered and fixed a vulnerability in its MCP server in June that could have exposed customer data. There have since been many more types of attacks found to work on common MCP server setups.
As you might expect, such security issues have given rise to numerous MCP security products, including products from big-name companies like Cloudflare, Docker and Wiz — as well as a host of startups tackling more specific products.
The most common type of MCP security product these days is a gateway, essentially a security layer for identifying the agents and controlling their access to apps.
Runlayer plans to stand out in this crowded market by being an all-in-one security tool that combines a gateway with features like threat detection that analyzes every MCP request; observability that watches all agentic activity across all MCP servers that IT has permitted; enterprise development where IT can build custom AI automations for enterprise users; and detailed permissions that work with existing identity providers like Okta and Entra.
Like other competitors, such as open source Obot, Runlayer presents business users with an Okta-like catalog of the pre-vetted MCP servers that their IT will allow agents to access. Runlayer matches the agents’ app permissions to the human users’ permissions. For instance, some people might have read-only access to financial systems, while some have write access (the ability to change the data). Others have no access at all.
Berman believes Runlayer stands out from the crowd, not just with the breadth of the product, but because of the team’s experience. He founded the startup because, after selling Vowel to Zapier, he became the director of Zapier’s AI, and built one of the first MCP servers, working closely at the time with OpenAI and Anthropic, he said.
“What are the problems that we saw with the protocol? One, it was the security risk because it was adopted so quickly,” he said. There were “blind spots” in areas like observability and audits that make it risky for enterprises to roll out to users.
So in August, “we left our jobs. We signed up David Soria Parra, the creator of the spec, and in four months, we’ve signed up eight unicorns,” he said of himself and his co-founders from Zapier, Tal Peretz and Vitor Balocco.
Other advisors and investors in the company, Berman says, include head of security at Cursor Travis McPeak, and founder of Neon Nikita Shamgunov.
Source: TechCrunch



