MCP AI agent security startup Runlayer launches with 8 unicorns, valued at $11M from Keith Rabois and Felicis from Khosla

On Monday, a new security startup was called for the Model Context Protocol Operating layer It was launched stealthily with $11 million in seed funding from Keith Rabois and Felicis of Khosla Ventures.

It was created by third founder Andrew Berman (previous two companies: baby monitor maker Nanit and AI-based video conferencing tool, Vowel, which was sold to Zapier in 2024).

In the four months since Runlayer stealthily launched its product, it has signed contracts with dozens of clients, including eight unicorns or public companies such as Gusto, dbt Labs, Instacart and Opendoor, she says. David Soria Parra, MCP’s main creator, was also arrested as an angel and advisor, Berman tells TechCrunch. (Barra did not respond to our request for comment.)

Para team in Anthropology launched the protocol In November 2024 as an open source project. MCP has since become the de facto standard for allowing AI agents to connect to the data and systems they need to operate autonomously. It allows agents to access, transfer, and modify data and perform business operations without human supervision.

The protocol is now supported by every major model maker Including OpenAIAnd Microsoft, AWS, and Google as well Thousands of technology companies and enterprises; To name a few: Atlassian, Asana, Stripe, Block, and others ranging from banks to consumer goods manufacturers.

“Everyone is talking about AI,” Runlayer CEO Berman told TechCrunch. “But AI is only as useful as the tools and resources it has access to.”

The problem is the MCP protocol itself Doesn’t include much security out of the boxMany MCP applications have already been shown to be vulnerable in several ways.

The poster children are probably GitHub and Asana. In May, researchers At Invariant Laboratories They discovered a hotshot injection vulnerability in MCP’s servers that allowed them to obtain data from private GitHub repositories (those that the public should not have access to). Discover asana and A vulnerability in its MCP server was fixed in June Which could reveal customer data. Since then there have been many Types of attacks Found to work on common MCP server settings.

As you might expect, such security issues have given rise to several MCP security products, including products from big-name companies like CloudFlare, Docker, and Wiz — as well as a host of other Start-ups Process more specific products.

The most common type of MCP security product these days is a gateway, which is essentially a security layer to identify agents and control their access to applications.

Runlayer plans to stand out in this crowded market by being a comprehensive security tool that combines a gateway with features like threat detection that analyzes every MCP request; Monitoring capability that monitors all agent activity across all IT-allowed MCP servers; Enterprise development where IT can create custom AI automation processes for enterprise users; Detailed permissions that work with existing identity providers like Okta and Entra.

Like other competitors like Fi until the end.Runlayer, business users are presented with an Okta-like catalog of pre-vetted MCP servers that their IT will allow agents to access. Runlayer matches agents’ application permissions with those of human users. For example, some people may only have read access to financial systems, and others may only have write access (the ability to change data). Others have no access at all.

Berman believes Runlayer stands out from the crowd, not only through the breadth of the product, but also because of the team’s expertise. He founded the startup because, after selling Vowel to Zapier, he became director of Zapier’s AI, built one of the first MCP servers, and was working closely at the time with OpenAI and Anthropic.

“What problems did we see with the protocol? First, there were security risks because it was adopted too quickly,” he said. There were “blind spots” in areas such as observability and auditability, making it risky for companies to roll out to users.

So in August, “we quit our jobs. We signed with David Soria Parra, the creator of the spec, and in four months, we signed with eight unicorns,” he said of himself and his Zapier co-founders Tal Peretz and Vitor Balocco.

Berman says other advisors and investors in the company include Cursor’s head of security Travis McPeak and Neon founder Nikita Shamgunov.