Runlayer Secures $11M Seed for AI Agent Security

Runlayer, a new Model Context Protocol (MCP) security startup, has officially emerged from stealth, announcing an impressive $11 million in seed funding. The round was led by Khosla Ventures' Keith Rabois and Felicis, signaling strong investor confidence in the burgeoning field of AI agent security. At the helm is three-time founder Andrew Berman, known for his previous ventures, including baby-monitor maker Nanit and AI video conferencing tool Vowel, which was acquired by Zapier in 2024.

Despite operating in stealth for just four months, Runlayer has already secured dozens of customers, including eight unicorn or public companies such as Gusto, dbt Labs, Instacart, and Opendoor. The company has also brought on David Soria Parra, the lead creator of the Model Context Protocol, as an angel investor and advisor, according to Berman.

The Critical Need for AI Agent Security

The Model Context Protocol (MCP), originally launched as an open-source project by David Soria Parra's team at Anthropic in November 2024, has rapidly become the de facto standard for enabling AI agents to interact autonomously with data and systems. This protocol empowers agents to access, move, alter data, and execute complex business processes without direct human intervention.

Its widespread adoption is undeniable, with support from every major model developer, including OpenAI, Microsoft, AWS, and Google. Furthermore, thousands of technology and enterprise companies, such as Atlassian, Asana, Stripe, and Block, across various sectors from banking to consumer goods, have integrated MCP into their operations.

Everyone talks about AI, but AI is really only as useful as the tools and the resources it has access to.

— Andrew Berman, CEO of Runlayer

However, this rapid proliferation comes with significant challenges. The MCP protocol, by design, lacks robust out-of-the-box security features, leading to numerous vulnerabilities in existing MCP implementations.

Addressing Critical Vulnerabilities

The security gaps in MCP have already led to significant incidents. In May, researchers at Invariant Labs uncovered a prompt injection vulnerability in MCP servers, enabling unauthorized access to private GitHub repositories. Similarly, Asana identified and patched an MCP server vulnerability in June that risked exposing customer data. These incidents highlight a growing concern, with various other attack types being discovered against common MCP server configurations.

This landscape of emerging threats has spurred the development of numerous MCP security products. Established players like Cloudflare, Docker, and Wiz, alongside a wave of specialized startups, are now offering solutions to secure AI agent infrastructure.

Runlayer's Comprehensive Security Solution

While many existing solutions focus on a gateway approach—acting as a security layer to identify agents and manage their application access—Runlayer aims to differentiate itself with an all-in-one platform. Its comprehensive offering integrates several critical features:

• Threat Detection: Analyzes every MCP request for potential threats.
• Observability: Monitors all agent activity across authorized MCP servers, providing IT with full visibility.
• Enterprise Development: Enables IT teams to build custom AI automations specifically for enterprise users.
• Detailed Permissions: Works seamlessly with existing identity providers such as Okta and Entra to ensure granular access control.

Similar to competitors like open-source Obot, Runlayer provides business users with an Okta-like catalog of IT-approved MCP servers for agent access. Crucially, Runlayer aligns AI agent app permissions with those of human users, ensuring that agents operate within the same access boundaries—whether read-only, write access, or no access at all—to sensitive systems like financial data.

Berman emphasizes that Runlayer's competitive edge stems not only from its product's breadth but also from the team's unparalleled experience. His journey to founding Runlayer began after Vowel's acquisition by Zapier, where he served as Director of AI. In that role, he was instrumental in building one of the first MCP servers, collaborating closely with industry leaders like OpenAI and Anthropic.

What are the problems that we saw with the protocol? One, it was the security risk because it was adopted so quickly. There were blind spots in areas like observability and audits that make it risky for enterprises to roll out to users.

These insights directly informed Runlayer's development. Berman, along with co-founders Tal Peretz and Vitor Balocco—both hailing from Zapier—left their positions in August to establish Runlayer. Their rapid progress includes securing David Soria Parra as an advisor and signing eight unicorn clients within four months.

The company's advisory board and investor roster also feature notable figures such as Travis McPeak, Head of Security at Cursor, and Nikita Shamgunov, founder of Neon, further bolstering Runlayer's expertise in the security and AI domains.