Runlayer Secures $11 Million to Fortify AI Agents with Advanced Security

The Dawn of Secure AI Autonomy: Runlayer Emerges from Stealth with $11 Million

In the rapidly evolving landscape of artificial intelligence, the ability for AI agents to operate autonomously and interact with our digital world is no longer a futuristic dream, but a present reality. Central to this evolution is the Model Context Protocol (MCP), an open-source project that has swiftly become the de facto standard for enabling AI agents to access, manipulate, and execute tasks within complex systems. However, with great power comes great responsibility, and the inherent security risks associated with this burgeoning technology have become a critical concern.

Enter Runlayer, a new security startup that has just emerged from stealth mode, armed with a significant $11 million in seed funding. This capital infusion, spearheaded by prominent investors like Keith Rabois of Khosla Ventures and Felicis, signals strong confidence in Runlayer’s mission: to build robust security solutions for the MCP. At the helm of this ambitious venture is Andrew Berman, a seasoned entrepreneur with a proven track record. This marks his third entrepreneurial endeavor, following the success of his baby-monitor company Nanit and his AI-powered video conferencing tool, Vowel, which was acquired by Zapier in early 2024.

Bridging the Gap: From AI Potential to Enterprise Reality

The MCP protocol, initially launched in November 2024 by David Soria Parra and his team at Anthropic, was designed to unlock the potential of AI agents. It allows them to connect with data and systems, perform actions, and execute business processes with unprecedented independence. The protocol’s rapid adoption is a testament to its effectiveness, with major AI model makers such as OpenAI, Microsoft, AWS, and Google, alongside thousands of technology and enterprise companies, including industry giants like Atlassian, Asana, Stripe, and Block, embracing it.

Andrew Berman, CEO of Runlayer, articulates this foundational challenge: “Everyone talks about AI, but AI is really only as useful as the tools and the resources it has access to.” This sentiment underscores the critical need for secure access to these resources. However, the MCP protocol, in its foundational form, lacks comprehensive out-of-the-box security features. This has led to a growing number of vulnerabilities being discovered in various MCP implementations, raising alarms for businesses eager to leverage AI’s capabilities.

The Security Scars of Rapid Adoption

The rapid deployment of MCP has, unfortunately, created fertile ground for security exploits. Prominent examples highlight the vulnerabilities that have emerged. In May, researchers at Invariant Labs uncovered a critical prompt injection flaw in MCP servers. This vulnerability allowed them to access sensitive data from private GitHub repositories, data that should have remained inaccessible to the public. Not long after, in June, Asana identified and patched a security breach in its MCP server that could have led to the exposure of customer data. These incidents are not isolated; a range of other attack vectors have been successfully demonstrated against common MCP server configurations.

The security concerns stemming from these vulnerabilities have naturally spurred the development of a burgeoning market for MCP security products. Major technology players like Cloudflare, Docker, and Wiz are entering the fray, alongside a wave of startups focusing on specialized solutions. The most common approach involves implementing a gateway – a security layer designed to authenticate AI agents and regulate their access to various applications.

Runlayer’s All-Encompassing Security Vision

Runlayer aims to differentiate itself in this increasingly crowded market by offering a holistic, all-in-one security platform. Unlike many competitors who focus on single-point solutions like gateways, Runlayer integrates a comprehensive suite of features. This includes advanced threat detection that meticulously analyzes every MCP request, providing real-time insights into potential malicious activity. Furthermore, their observability features offer IT departments a clear view of all permitted agentic activity across all their approved MCP servers, fostering transparency and control.

Beyond security, Runlayer empowers enterprises with robust development tools for building custom AI automations tailored to specific business needs. This allows organizations to leverage AI for enhanced efficiency and innovation while maintaining a strong security posture. A key component of their strategy is the implementation of granular permissions that integrate seamlessly with existing identity providers such as Okta and Entra. This ensures that AI agent access mirrors the established access controls for human users.

“We matched the agents’ app permissions to the human users’ permissions,” Berman explains. “For instance, some people might have read-only access to financial systems, some write access (the ability to change the data). Others have no access at all.” This principle of least privilege, when applied to AI agents, is fundamental to mitigating risks.
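The permission-mirroring idea described above, as an added example that is not Runlayer's code and assumes nothing about its product: a toy gateway check in which an AI agent acting on behalf of a human user is granted exactly that user's application entitlement (none, read-only, or write), defaults to deny for anything unlisted, and records every decision for audit. The identity-provider lookup, user names, application names and tool names are all constructed for illustration.

```python
"""Added example (not Runlayer's code): a toy MCP-style gateway that mirrors
a human principal's application permissions onto the AI agent delegated
from them. The identity-provider lookup, tool catalogue, users and
entitlements below are constructed for illustration only."""
from dataclasses import dataclass, field
from enum import Enum


class Access(Enum):
    """Entitlement levels; a higher value strictly covers the lower ones."""
    NONE = 0
    READ = 1
    WRITE = 2


# Constructed stand-in for an identity-provider entitlement lookup
# (the kind of data one would pull from a directory such as Okta or Entra):
# human principal -> application -> entitlement.
IDP_ENTITLEMENTS = {
    "alice@example.com": {"finance": Access.READ, "crm": Access.WRITE},
    "bob@example.com": {"finance": Access.WRITE},
    "carol@example.com": {"crm": Access.READ},
}

# Constructed catalogue of approved MCP tools: which application each one
# touches and whether a call only reads data or can change it.
TOOL_CATALOGUE = {
    "finance.get_invoice": ("finance", Access.READ),
    "finance.post_journal_entry": ("finance", Access.WRITE),
    "crm.search_contacts": ("crm", Access.READ),
    "crm.update_contact": ("crm", Access.WRITE),
}


@dataclass
class ToolCall:
    """One MCP tool invocation as seen by the gateway."""
    agent_id: str
    on_behalf_of: str            # the human user the agent is delegated from
    tool: str
    arguments: dict = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    reason: str


# Every decision is appended here so IT can review all agentic activity.
AUDIT_LOG: list[dict] = []


def effective_access(principal: str, app: str) -> Access:
    """The agent gets exactly its human principal's entitlement; default deny."""
    return IDP_ENTITLEMENTS.get(principal, {}).get(app, Access.NONE)


def authorize(call: ToolCall) -> Decision:
    """Allow the call only if the delegating user's entitlement covers the tool."""
    entry = TOOL_CATALOGUE.get(call.tool)
    if entry is None:
        # Tools not on the approved list are refused outright.
        decision = Decision(False, f"unknown tool {call.tool!r}: not on the approved list")
    else:
        app, needed = entry
        granted = effective_access(call.on_behalf_of, app)
        if granted.value >= needed.value:
            decision = Decision(True, f"{call.on_behalf_of} holds {granted.name} on {app}")
        else:
            decision = Decision(
                False,
                f"{call.on_behalf_of} holds {granted.name} on {app}, tool needs {needed.name}",
            )
    AUDIT_LOG.append({
        "agent": call.agent_id,
        "principal": call.on_behalf_of,
        "tool": call.tool,
        "allowed": decision.allowed,
        "reason": decision.reason,
    })
    return decision


if __name__ == "__main__":
    for call in (
        ToolCall("agent-1", "alice@example.com", "finance.get_invoice", {"id": 42}),
        ToolCall("agent-1", "alice@example.com", "finance.post_journal_entry"),
        ToolCall("agent-2", "carol@example.com", "finance.get_invoice"),
        ToolCall("agent-2", "carol@example.com", "hr.export_salaries"),
    ):
        d = authorize(call)
        print(f"{call.on_behalf_of:20} {call.tool:28} {'ALLOW' if d.allowed else 'DENY ':5} {d.reason}")
```

The point of the design is that the gateway never holds a separate, broader set of agent credentials: the only question it asks is whether the human the agent is acting for could have done the same thing, and the audit log gives the same answer back to whoever reviews it later.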

A Team Driven by Experience and Foresight

Runlayer’s unique positioning is further bolstered by the deep experience of its founding team. Andrew Berman’s journey into AI security is directly linked to his post-acquisition role at Zapier. As the Director of AI at Zapier, he was instrumental in building one of the first MCP servers, collaborating closely with leading AI research labs like OpenAI and Anthropic. This hands-on experience provided him with invaluable insights into the protocol’s inherent security challenges.

“What are the problems that we saw with the protocol? One, it was the security risk because it was adopted so quickly,” Berman reflects. He also identifies critical “blind spots” in areas like observability and auditing, which pose significant risks for enterprises looking to deploy AI agents at scale. Recognizing these gaps, Berman and his co-founders, Tal Peretz and Vitor Balocco (also former Zapier colleagues), made the decision to leave their roles in August to establish Runlayer.

Their rapid progress is evident in their success: within just four months of launching their product in stealth, Runlayer has secured an impressive roster of over a dozen customers, including eight unicorns or publicly traded companies. Notable clients include Gusto, Rippling, dbt Labs, Instacart, Opendoor, and Ramp. Bringing on David Soria Parra, the lead creator of the MCP, as an angel investor and advisor further validates Runlayer’s technical acumen and industry standing.

The Future of AI Security

Runlayer’s launch marks a significant step forward in ensuring the safe and responsible integration of AI agents into the fabric of business operations. By addressing the security vulnerabilities inherent in the MCP protocol and offering a comprehensive suite of protective measures, Runlayer is poised to become an indispensable partner for organizations navigating the complex world of AI. The company’s commitment to enterprise-grade security, combined with its deep understanding of AI agent dynamics, positions it for substantial growth and impact in the years to come. As AI continues its relentless march forward, the need for robust security solutions like those offered by Runlayer will only become more pressing.

Other notable advisors and investors backing Runlayer include Travis McPeak, Head of Security at Cursor, and Nikita Shamgunov, founder of Neon, further underscoring the company’s strong industry connections and expertise.
