A new security startup called Runlayer has launched with $11 million in seed funding from Khosla Ventures and Felicis, aiming to address vulnerabilities in the Model Context Protocol (MCP) used by AI agents. Founded by Andrew Berman, a former tech entrepreneur with experience in AI video tools and baby monitors, Runlayer targets gaps in MCP security that have exposed sensitive data across major companies. The protocol, now widely adopted by tech giants and enterprises, lacks built-in safeguards, leading to vulnerabilities like data leaks and unauthorized access. Runlayer’s solution combines a security gateway with threat detection, observability, and permission controls to protect MCP-enabled systems. The startup has already secured partnerships with eight unicorn companies, including Gusto and Instacart, to demonstrate its market appeal.
Key facts
- Runlayer received $11 million in seed funding from Khosla Ventures’ Keith Rabois and Felicis, with support from industry experts like David Soria Parra.
- The startup was founded by Andrew Berman, who previously led companies like Nanit and Vowel, which was acquired by Zapier in 2024.
- MCP, a protocol enabling AI agents to access data and systems, has faced security flaws exposing sensitive information at companies like GitHub and Asana.
- Major tech firms including OpenAI, Microsoft, and AWS have adopted MCP, but its lack of native security features has created risks for enterprises.
- Runlayer offers an all-in-one security tool combining gateway protection, threat detection, and permission management for MCP environments.
