Cybersecurity Startup Runlayer Launches with $11M from Khosla, Felicis and Backing from 8 Unicorns

On Monday, a new Model Context Protocol security startup named Runlayer emerged from stealth mode, securing $11 million in seed funding from Keith Rabois of Khosla Ventures and Felicis.

The company was founded by Andrew Berman, a three-time founder whose previous ventures include baby-monitor creator Nanit and the AI video conferencing tool Vowel, which was acquired by Zapier in 2024.

Since launching its product in stealth four months ago, Runlayer has reportedly onboarded dozens of customers, including eight unicorn or public companies such as Gusto, dbt Labs, Instacart, and Opendoor. CEO Andrew Berman also informed TechCrunch that David Soria Parra, a key creator of MCP, has joined as an angel investor and advisor. (Parra did not respond to our request for comment.)

Parra's team at Anthropic introduced the Model Context Protocol as an open-source project in November 2024. MCP has rapidly become the default standard for enabling AI agents to connect with the data and systems they need to operate autonomously, allowing them to access, transfer, modify data, and execute business processes without human intervention.

The protocol now enjoys support from all major model providers, including OpenAI, Microsoft, AWS, and Google, alongside thousands of technology and enterprise firms. Notable adopters range from Atlassian, Asana, Stripe, and Block to various banks and consumer goods manufacturers.

"Everyone is talking about AI," Berman told TechCrunch, "but its utility is ultimately determined by the tools and resources it can access."

The core issue is that the MCP protocol itself does not include robust built-in security, leading to numerous implementations being found vulnerable in various ways.

Join the Disrupt 2026 Waitlist

Secure your spot on the Disrupt 2026 waitlist to be first in line for Early Bird tickets. Past Disrupt stages have featured leaders from Google Cloud, Netflix, Microsoft, Box, Phia, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, and Vinod Khosla. They're part of over 250 industry experts leading 200+ sessions designed to accelerate your growth and sharpen your competitive edge. You'll also have the chance to connect with hundreds of startups driving innovation across every sector.

Join the Disrupt 2026 Waitlist

Secure your spot on the Disrupt 2026 waitlist to be first in line for Early Bird tickets. Past Disrupt stages have featured leaders from Google Cloud, Netflix, Microsoft, Box, Phia, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, and Vinod Khosla. They're part of over 250 industry experts leading 200+ sessions designed to accelerate your growth and sharpen your competitive edge. You'll also have the chance to connect with hundreds of startups driving innovation across every sector.

GitHub and Asana serve as prominent examples. In May, researchers at Invariant Labs uncovered a prompt injection vulnerability in MCP servers that enabled unauthorized access to data from private GitHub repositories. Separately, Asana identified and patched a vulnerability in its MCP server in June that could have led to customer data exposure. Since then, many more attack vectors have been discovered against common MCP server configurations.

Unsurprisingly, these security concerns have spurred the development of numerous MCP security solutions. Major players like Cloudflare, Docker, and Wiz have entered the space, alongside a wave of startups focusing on more specialized products.

Currently, the most prevalent type of MCP security product is the gateway, which acts as a protective layer to authenticate agents and manage their application access.

Runlayer aims to differentiate itself in this competitive market by offering a comprehensive security platform. It combines a gateway with advanced features like threat detection that scrutinizes every MCP request, observability that monitors all agent activity across approved MCP servers, enterprise development tools for building custom AI automations, and granular permissions that integrate with existing identity providers such as Okta and Entra.

Similar to competitors like the open-source Obot, Runlayer provides business users with a catalog—akin to Okta—of pre-vetted MCP servers that their IT department authorizes for agent access. The platform aligns AI agent application permissions with the individual user's existing privileges, enforcing read-only, write, or no-access policies for systems like financial databases accordingly.

Berman believes Runlayer's edge lies not only in its product's breadth but also in the team's direct experience. After selling Vowel to Zapier and becoming Zapier's AI director, he built one of the earliest MCP servers while collaborating closely with OpenAI and Anthropic. This firsthand exposure revealed the protocol's challenges.

"What problems did we identify with the protocol? First, the rapid adoption created significant security risks," he explained. There were critical "blind spots" in areas like observability and auditing, making enterprise-wide rollouts particularly risky.

"So in August, we left our jobs. We brought on David Soria Parra, the spec's creator, and within four months, we've signed eight unicorns," Berman said, referring to himself and his co-founders from Zapier, Tal Peretz and Vitor Balocco.

Berman notes that other advisors and investors in the company include Cursor's Head of Security, Travis McPeak, and Neon founder Nikita Shamgunov.