Source: TechCrunch
On Monday, a new Model Context Protocol (MCP) startup called Runlayer launched out of stealth with $11 million in seed funding from Keith Rabois of Khosla Ventures and Felicis.
It was created by three-time founder Andrew Berman (previous two companies: baby monitor maker Nanit and AI-based video conferencing tool Vowel, sold to Zapier in 2024).
In the four months since Runlayer launched its product in stealth, it has signed contracts with dozens of clients, including eight unicorns or public companies such as Gusto, dbt Labs, Instacart and Opendoor, it says. David Soria Parra, MCP’s main creator, has also signed on as an angel investor and advisor, Berman tells TechCrunch. (Soria Parra did not respond to our request for comment.)
Soria Parra's team at Anthropic released the protocol in November 2024 as an open source project. MCP has since become the de facto standard for allowing AI agents to connect to the data and systems they need to operate autonomously. It allows agents to access, transfer, and modify data and perform business operations without human supervision.
The protocol is now supported by every major model maker, including OpenAI, Microsoft, AWS, and Google, as well as thousands of technology companies and enterprises. To name a few: Atlassian, Asana, Stripe, Block, and others ranging from banks to consumer goods manufacturers.
“Everyone talks about AI, but AI is only really as useful as the tools and resources it has access to,” Berman, CEO of Runlayer, told TechCrunch.
The problem is that the MCP protocol itself doesn’t include a lot of security out of the box, so many MCP implementations have already been found to be vulnerable in a number of ways.
The poster children are probably GitHub and Asana. In May, researchers at Invariant Labs discovered a prompt injection vulnerability in MCP servers that allowed them to obtain data from private GitHub repositories (ones that were not supposed to be publicly available). Asana discovered and fixed a vulnerability in its MCP server in June that could have exposed customer data. Since then, many types of attacks have been found to work against common MCP server setups.
As you might expect, security issues like these have given rise to several MCP security products, including ones from big-name companies like Cloudflare, Docker, and Wiz — as well as a host of startups dealing with more specific products.
The most common type of MCP security product these days is a gateway, which is essentially a security layer to identify agents and control their access to applications.
Runlayer plans to stand out in this crowded market by being a comprehensive security tool that combines a gateway with features such as threat detection that analyzes every MCP request; observability that monitors all agent activity across all IT-allowed MCP servers; enterprise development, where IT can create custom AI automation processes for enterprise users; and fine-grained permissions that work with existing identity providers like Okta and Entra.
As with competitors such as the open source Obot, Runlayer presents business users with an Okta-like catalog of pre-vetted MCP servers that their IT department allows agents to access. Runlayer matches agents’ application permissions with those of human users. For example, some people may only have read access to financial systems, and others may have write access (the ability to change data). Others have no access at all.
Berman believes Runlayer stands out from the crowd, not only through the breadth of the product, but also because of the team’s expertise. He founded the startup because, after selling Vowel to Zapier, he became Zapier’s director of AI, built one of the first MCP servers, and was working closely at the time with OpenAI and Anthropic.
“What problems did we see with the protocol? First, there were security risks because it was adopted too quickly,” he said. There were “blind spots” in areas such as observability and auditability, making it risky for companies to roll out to users.
So in August, “we quit our jobs. We signed with David Soria Parra, the creator of the spec, and in four months, we signed with eight unicorns,” he said of himself and his Zapier co-founders Tal Peretz and Vitor Balocco.
Berman says other advisors and investors in the company include Cursor’s head of security Travis McPeak and Neon founder Nikita Shamgunov.
Posted on 1763464382
