On Monday, a new Model Context Protocol (MCP) security startup called Runlayer launched in stealth with $11 million in seed funding from Khosla Ventures' Keith Rabois and Felicis.
It was created by three-time founder Andrew Berman (previous companies: baby monitor maker Nanit and AI video conferencing tool Vowel, which was sold to Zapier in 2024).
In the four months since Runlayer launched its product in stealth, it says it has signed dozens of customers, including eight unicorns and publicly traded companies like Gusto, dbt Labs, Instacart, and Opendoor. Berman also told TechCrunch that the company has signed on David Soria Parra, MCP's lead creator, as an angel investor and advisor. (Mr. Parra did not respond to a request for comment.)
Parra’s team at Anthropic launched the protocol as an open source project in November 2024. Since then, MCP has become the de facto standard for allowing AI agents to connect to the data and systems they need to operate independently. This allows agents to access, move and modify data, and execute business processes without human supervision.
The protocol is currently supported by all major model makers, including OpenAI, Microsoft, AWS, and Google, as well as thousands of technology and enterprise companies: Atlassian, Asana, Stripe, and Block, to name a few, along with everything from banks to consumer goods companies.
“Everyone talks about AI,” Runlayer CEO Berman told TechCrunch. “However, the actual usefulness of AI will depend on the tools and resources it has access to.”
The problem is that the MCP protocol itself doesn’t have a lot of security built in out of the box, and many MCP implementations have already been found to be vulnerable in various ways.
The two best-known examples are probably GitHub and Asana. In May, Invariant Labs researchers discovered a prompt injection vulnerability in MCP servers that allows data to be retrieved from private GitHub repositories (repositories that should not be made publicly available). In June, Asana discovered and fixed a vulnerability in its MCP servers that could have exposed customer data. Since then, many more types of attacks have been discovered that work against common MCP server configurations.
As you might imagine, security issues like these have led to the birth of a number of MCP security products, including products from big names like Cloudflare, Docker, and Wiz, as well as a number of startups working on more specialized products.
The most common type of MCP security product these days is a gateway, which is essentially a security layer for identifying agents and controlling access to apps.
Runlayer plans to stand out in this crowded market as an all-in-one security tool that combines a gateway with features such as threat detection that analyzes every MCP request; observability to monitor all agent activity across all IT-approved MCP servers; enterprise development that allows IT departments to build custom AI automation for enterprise users; and granular permissions that work with existing identity providers like Okta and Entra.
Similar to other competitors such as the open source Obot, Runlayer provides business users with an Okta-like catalog of pre-vetted MCP servers that IT departments can grant their agents access to. Runlayer checks the agent's app permissions against the human user's permissions. For example, some people have read-only access to financial systems, while others have write access (the ability to change data), and still others have no access at all.
Berman believes Runlayer stands out not only because of the breadth of its products, but also because of the experience of its team. He said he founded the startup because after selling Vowel to Zapier, he became Zapier’s AI director and worked closely with OpenAI and Anthropic at the time to build one of the first MCP servers.
“What are the problems we found with this protocol? One is that it was adopted so quickly that there was a security risk,” he said. There were “blind spots” in areas such as observability and auditing that made it risky for companies to roll out to their users.
So in August, “We quit our jobs. We signed David Soria Parra, the spec author, and in four months we signed eight unicorns,” he said of himself and his co-founders from Zapier, Tal Peretz and Vitor Balocco.
Berman said the company’s other advisors and investors include Cursor’s head of security Travis McPeak and Neon’s Nikita Shamgunov.
