Runlayer Secures $11M Seed to Secure the Exploding AI Agent Ecosystem

A new security startup, Runlayer, has emerged from stealth securing $11 million in seed funding. Khosla Ventures partner Keith Rabois and Felicis are leading this initial investment round.

This funding fuels Runlayer’s mission to secure the rapidly expanding ecosystem built around the Model Context Protocol, or MCP. MCP is the emerging open-source standard enabling AI agents to interact with enterprise data and systems autonomously.

Runlayer’s CEO, Andrew Berman, is a seasoned entrepreneur, having previously founded Nanit and Vowel, the latter of which was acquired by Zapier last year. Berman’s direct experience with AI implementation drove the company’s creation.

The company already boasts significant early traction, signing dozens of customers in just four months of quiet operation. Impressively, this customer base includes eight established unicorns or publicly traded firms like Gusto, Rippling, and Instacart.

The urgency for Runlayer’s solution stems from inherent vulnerabilities within the core MCP specification. While MCP facilitates powerful agent action, the protocol lacks robust, built-in security controls against misuse.

Recent high-profile security incidents, such as prompt injection attacks targeting GitHub and Asana implementations, underscore this critical gap. These events highlight the immediate enterprise risk associated with unsecured agent access.

Runlayer intends to differentiate itself from emerging competitors, which often focus only on basic security gateways. Their platform integrates a full security suite combining threat detection, deep observability, and granular permissions management.

Furthermore, Runlayer is tightly integrated with the protocol’s origin; David Soria Parra, the lead creator of MCP at Anthropic, joined Runlayer as an angel investor and advisor. This deep connection provides crucial insight into the protocol’s evolution.

The startup plans to map agent permissions directly to existing human identity frameworks like Okta and Entra. This approach ensures that an AI agent’s capabilities precisely mirror the authorized access levels of the user initiating the workflow.

Berman and his co-founders left their roles at Zapier after recognizing these security blind spots during large-scale AI deployment. They are now focused on making enterprise-grade agent adoption safe and auditable.