On Monday, it called a new security startup Model Context Protocol Runlayer launched out of stealth with $11 million in seed funding from Keith Rabois and Felicis of Khosla Ventures.
Created by third-party founder Andrew Berman (previous companies: baby-monitor maker Nanit and an AI videoconferencing tool, Vowel, sold to Zapier in 2024).
In the four months since Runlayer launched its product in secrecy, it has signed on dozens of customers, including eight unicorns or public companies such as Gusto, dbt Labs, Instacart and Opendoor, he says. It also brought on board David Soria Parra, the lead creator of MCP, as an angel and advisor, Berman tells TechCrunch. (Parra did not respond to our request for comment.)
Parra’s team at Anthropic launched the protocol in November 2024 as an open source project. MCP has since become the de facto standard for enabling AI agents to connect to the data and systems they need to operate independently. It allows agents to access data, move it, modify it, and perform business processes without human supervision.
The protocol is now supported by every major model maker, including OpenAI, Microsoft, AWS, and Google, as well as thousands of tech and business companies; to name just a few: Atlassian, Asana, Stripe, Block and others, from banks to consumer goods manufacturers.
“Everyone talks about AI,” Berman, Runlayer’s CEO, told TechCrunch, “but AI is really only as useful as the tools and resources it has access to.”
The problem is, the MCP protocol itself it doesn’t include much security out of the boxso many MCP implementations have already been found vulnerable in various ways.
Techcrunch event
San Francisco
|
13-15 October 2026
The poster children are probably GitHub and Asana. In May the researchers at Invariant Labs discovered a direct injection vulnerability in MCP servers that allowed them to collect data from private GitHub repositories (those that should not be publicly accessible). Asana discovered and patched a vulnerability in its MCP server in June which could have exposed customer data. Since then there have been many more types of attacks found to work in common MCP server settings.
As you might expect, such security issues have led to many MCP security products, including products from major companies like Cloudflare, Docker, and Wiz—as well as a number of start-ups dealing with more specific products.
The most common type of MCP security product these days is a gateway, essentially a security layer to identify agents and control their access to applications.
Runlayer plans to stand out in this crowded market by being an all-in-one security tool that combines a gateway with features like threat detection that analyzes every MCP request. observability that monitored all agent activity on all IT-enabled MCP servers. business development where IT can build custom AI automations for enterprise users; and detailed licenses that work with existing identity providers like Okta and Entra.
Like other competitors, such as e.g open source ObotBusiness users of Runlayer are presented with an Okta-style directory of pre-screened MCP servers that their IT will allow agents to access. Runlayer maps the application permissions of agents to the permissions of human users. For example, some people may have read-only access to financial systems, some write access (the ability to change data). Others have no access at all.
Berman believes that Runlayer stands out from the crowd, not only with the breadth of the product, but because of the team’s experience. He founded the startup because, after selling Vowel to Zapier, he became Zapier’s director of AI and built one of the first MCP servers, working with OpenAI and Anthropic at the time, he said.
“What are the problems we saw with the protocol? First, it was the security risk because it was adopted so quickly,” he said. There were “blind spots” in areas such as observability and controls, making it risky for businesses to extend to users.
So in August, “we quit our jobs. We signed David Soria Parra, the creator of the spec, and in four months, we’ve signed eight unicorns,” he said of himself and Zapier co-founders Tal Peretz and Vitor Balocco.
Other advisers and investors in the company, Berman says, include Cursor chief security officer Travis McPeak and Neon founder Nikita Shamgunov.
