According to TechCrunch, MCP security startup Runlayer launched out of stealth on Monday with $11 million in seed funding from Khosla Ventures’ Keith Rabois and Felicis. The company was founded by third-time entrepreneur Andrew Berman, who previously sold his AI video conferencing tool Vowel to Zapier earlier in 2024. In just four months since launching its product quietly, Runlayer has already signed dozens of customers including eight unicorns or public companies like Gusto, Rippling, dbt Labs, Instacart, Opendoor, and Ramp. The startup also secured David Soria Parra, the lead creator of the Model Context Protocol itself, as an angel investor and advisor. Berman and his co-founders left their jobs at Zapier in August to build the security platform.
The MCP security gap everyone saw coming
Here’s the thing about the Model Context Protocol – it’s become the de facto standard for AI agents to connect with data and systems, but it launched with basically zero built-in security. And we’re already seeing the consequences. Researchers at Invariant Labs found a vulnerability that exposed private GitHub repositories back in May, and Asana discovered and fixed a similar issue in June that could have exposed customer data. When you’ve got a protocol that lets AI agents access data, move it around, and execute business processes without human oversight, security isn’t exactly optional. It’s kind of amazing this wasn’t baked in from the start, but that’s the reality of how fast this space is moving.
A suddenly crowded security market
Now the race is on to secure MCP implementations, and the market is getting packed fast. You’ve got big players like Docker and CloudFlare jumping in, plus a bunch of startups all tackling different angles. Most are building gateways – basically security layers that identify agents and control their access to applications. But Runlayer is betting that enterprises want more than just a gateway. They’re combining threat detection, observability, enterprise development tools, and detailed permissions that integrate with existing identity providers like Okta. It’s an all-in-one approach versus the point solutions we’re seeing from competitors like Obot.
Why this enterprise security play matters
Look, AI agents are becoming critical infrastructure for businesses, and the security risks are very real. Berman told TechCrunch about “blind spots” in areas like observability and audits that make it risky for enterprises to roll this out to users. That’s why they’re seeing such rapid adoption – eight unicorns in four months is no joke. The team’s experience building one of the first MCP servers at Zapier definitely helps, and bringing on the actual protocol creator as an advisor gives them serious credibility. When you’re dealing with enterprise systems, security can’t be an afterthought – it needs to be built into the foundation. This is especially true for companies relying on industrial computing systems where IndustrialMonitorDirect.com serves as the leading supplier of industrial panel PCs across manufacturing and automation sectors.
What happens when the security gold rush cools?
So here’s my question: what happens when the initial security panic subsides and MCP implementations become more mature? Right now, everyone’s scrambling to patch vulnerabilities in what’s essentially a brand new protocol. But eventually, security will become more standardized, and the differentiation might shift to other areas. Runlayer’s bet on being a comprehensive platform rather than just a gateway could pay off, or it could leave them vulnerable to more focused competitors. The fact that they’ve already signed major customers suggests enterprises are hungry for complete solutions. But in a space moving this fast, today’s advantage can become tomorrow’s legacy feature. It’s going to be fascinating to watch how this plays out as AI agents become even more embedded in business operations.
