Runlayer
Security platform for AI/MCP deployments, providing threat detection, fine-grained permissions, and observability.
Website: https://www.runlayer.com
Cover Block
| Field | Value |
|---|---|
| Name | Runlayer |
| Tagline | Security platform for AI/MCP deployments, providing threat detection, fine-grained permissions, and observability. |
| Headquarters | New York City, New York, USA |
| Founded | 2024 |
| Stage | Seed |
| Business Model | SaaS |
| Industry | Security |
| Technology | AI / Machine Learning |
| Geography | Global / Remote-First |
| Growth Profile | Venture Scale |
| Founding Team | Co-Founders (3+) |
| Funding Label | Seed (total disclosed ~$11,000,000) |
Links
- Website: https://www.runlayer.com
- LinkedIn: https://www.linkedin.com/company/runlayer
Executive Summary
Runlayer is a security platform that makes the Model Context Protocol (MCP) enterprise-ready, addressing the immediate and growing risk of unmanaged AI agents in corporate environments. The company emerged from stealth in late 2025 with $11 million in seed funding from Khosla Ventures and Felicis, and has already secured dozens of customers, including eight unicorn or public companies such as Gusto, Rippling, and Instacart [TechCrunch, Nov 2025].
The founding team, led by third-time founder Andrew Berman, coalesced around a shared experience building AI agent infrastructure at Zapier following its acquisition of Berman's previous company, Vowel [TechCrunch, Nov 2025]. Their product differentiates by providing a centralized control plane for threat detection, permissions, and observability, integrating with existing identity providers like Okta to map agent access directly to user permissions [news.aibase.com, 2026].
Key technical capabilities include ToolGuard, which inspects and blocks malicious MCP calls in under 100 milliseconds, and OpenClaw Watch, which scans corporate device fleets to detect unauthorized "shadow" MCP servers [AI CERTs News, 2026] [ClawHosters, 2026]. The business operates on a SaaS model, targeting global, venture-scale growth from its New York City base.
Over the next 12-18 months, the critical watch points are the company's ability to convert early design wins with tech-forward unicorns into broader enterprise penetration, and its execution against an emerging competitive field that includes large infrastructure players. The involvement of David Soria Parra, lead creator of the MCP standard, as an advisor provides significant validation of the technical roadmap [TechCrunch, Nov 2025].
Data Accuracy: GREEN -- Core facts (funding, team, customers) confirmed by multiple independent sources including TechCrunch and SecurityWeek.
Taxonomy Snapshot
| Axis | Value |
|---|---|
| Stage | Seed |
| Business Model | SaaS |
| Industry / Vertical | Security |
| Technology Type | AI / Machine Learning |
| Geography | Global / Remote-First |
| Growth Profile | Venture Scale |
| Founding Team | Co-Founders (3+) |
| Funding | Seed (total disclosed ~$11,000,000) |
Company Overview
Runlayer was founded in 2024 by Andrew Berman, Tal Peretz, Vitor Balocco, and Michał Wysocki, with the company emerging from stealth in November 2025 [TechCrunch, Nov 2025]. The founding team coalesced around a shared experience building AI agent infrastructure at Zapier, where Berman led AI efforts following the acquisition of his previous company, Vowel, and where Peretz, Balocco, and Wysocki had worked on the Zapier Agents platform [TechCrunch, Nov 2025] [LinkedIn]. Their central thesis, as described in launch coverage, was that the rapid adoption of the Model Context Protocol (MCP) for connecting AI agents to tools and data was creating a new, unmanaged security surface that enterprises were unprepared to handle [TechCrunch, Nov 2025].
The company is headquartered in New York City and operates with a remote-first model [TechCrunch, Nov 2025]. Its primary early milestone was securing an $11 million seed round led by Khosla Ventures and Felicis, with participation from angel investors including Keith Rabois and Astasia Myers [SecurityWeek, 2025] [TechCrunch, Nov 2025]. Within roughly four months of its stealth product launch, Runlayer reported signing dozens of customers, a group that included eight named unicorn or public companies such as Gusto, Rippling, dbt Labs, Instacart, Opendoor, and Ramp [TechCrunch, Nov 2025] [AI News, 2026]. The company also secured David Soria Parra, the lead creator of the MCP specification, as a technical advisor, providing a layer of ecosystem validation at launch [TechCrunch, Nov 2025].
Data Accuracy: GREEN -- Confirmed by multiple independent publications including TechCrunch and SecurityWeek, with team details corroborated by LinkedIn profiles.
Product and Technology
Runlayer positions itself as a control plane for enterprise AI agents, specifically those built on the Model Context Protocol (MCP). The platform's core proposition is to bring security and governance to a rapidly expanding ecosystem of AI tools that connect to internal data and systems. Its architecture appears designed to integrate with existing enterprise infrastructure, promising to connect AI agents to over 18,000 MCP servers while providing centralized management [Runlayer].
The product surfaces are described across public sources with varying levels of detail. The company's own materials frame the offering around three pillars: threat detection, fine-grained permissions, and complete observability [Runlayer]. More specific capabilities have been reported by third-party technical publications. These include ToolGuard, a technology that inspects every MCP call in real-time to block credential exfiltration and other threats in under 100 milliseconds [AI CERTs News, 2026]. Another reported module is OpenClaw Watch, which uses Mobile Device Management (MDM) integrations to scan corporate fleets for unauthorized, or "shadow," MCP servers [ClawHosters, 2026] [techbuddies.io, 2026]. For identity, the platform is described as using an "Okta-style" directory, allowing IT to pre-approve MCP servers and map them to specific employee identities to enforce permission boundaries [news.aibase.com, 2026].
From a technical integration standpoint, the platform claims to work within a customer's own Virtual Private Cloud (VPC) or via a managed cloud service [Runlayer]. Key integrations mentioned include major identity providers like Okta and Microsoft Entra, aligning with its enterprise security narrative [Runlayer]. The founding team's background at Zapier, where they built early MCP infrastructure and agent systems, provides a plausible technical foundation for the product's development [LinkedIn] [TechCrunch, Nov 2025].
Data Accuracy: YELLOW -- Core product pillars confirmed by company site; specific module details and performance claims sourced from third-party technical blogs, not primary press releases.
Market Research
The security market for AI agents and the Model Context Protocol (MCP) is emerging as a direct consequence of enterprise adoption, where the need for governance and control follows initial experimentation. The market's significance is tied to the rapid, often unmanaged, deployment of AI agents that can read and write to internal systems, creating a new and expanding attack surface that traditional cloud security tools are not designed to address.
Quantifying the total addressable market for MCP-specific security is premature, as the underlying protocol is still in early adoption. A more instructive view comes from adjacent, established markets. The broader AI security market is projected to reach $35 billion by 2029, growing at a compound annual rate of 23% from 2024, according to a recent industry analysis [MarketsandMarkets, 2025]. The adjacent cloud security posture management (CSPM) market, which addresses a similar governance need for cloud infrastructure, was valued at over $6 billion in 2024 and is expected to maintain high growth [Gartner, 2024]. Runlayer's initial wedge targets the segment of enterprises actively deploying AI agents, a population signaled by its early customer base of technology-forward unicorns and public companies.
Demand is driven by several converging tailwinds. First, the proliferation of open-source agent frameworks like OpenClaw has lowered the barrier to agent creation, leading to what security teams term 'shadow MCP' deployments. Second, enterprises are moving from pilot projects to organization-wide rollouts, as evidenced by customer case studies like Gusto's reported scaling to 1,500 daily AI users [Runlayer]. This scaling phase necessitates centralized permissions, audit trails, and threat detection that individual development teams cannot build. Third, the integration of AI agents into business-critical workflows, such as HR and finance, elevates the risk profile and compliance requirements, making security a prerequisite for further adoption.
Key adjacent and substitute markets include general AI security platforms, API security gateways, and identity governance tools. The primary competitive risk is not substitution but envelopment; large cloud providers or security vendors could bundle MCP security features into existing CSPM or identity product suites. Regulatory forces are nascent but developing, with frameworks for AI safety and governance, such as the EU AI Act and NIST AI RMF, increasing board-level scrutiny on AI risk management. These frameworks do not yet mandate specific controls for agentic AI but create a compliance tailwind for platforms that provide demonstrable oversight.
| Market | Size ($B) |
|---|---|
| AI Security Market 2024 | 12 |
| AI Security Market 2029 | 35 |
| CSPM Market 2024 | 6.2 |
The projected growth of the broader AI security market provides a credible ceiling for the niche Runlayer is carving. The comparable scale of the CSPM market suggests that solving a new, specific governance problem can support a multi-billion dollar category.
Data Accuracy: YELLOW -- Market sizing figures are from third-party analyst reports and are analogous, not specific to the MCP security niche. Tailwinds are corroborated by customer deployment reports.
Competitive Landscape
Runlayer enters a nascent but rapidly consolidating market for securing AI agent infrastructure, positioning itself as a dedicated control plane for the Model Context Protocol (MCP) ecosystem rather than a general-purpose cloud security vendor.
| Company | Positioning | Stage / Funding | Notable Differentiator | Source |
|---|---|---|---|---|
| Runlayer | Security platform for AI/MCP deployments, providing threat detection, fine-grained permissions, and observability. | Seed ($11M, 2025) | Deep integration with MCP protocol; advisor is MCP co-creator; focus on agent-specific threats like prompt/tool injection. | [TechCrunch, Nov 2025] |
| Cloudflare | Broad cloud security and connectivity platform, includes AI Gateway and Workers AI. | Public | Massive global network; integrated AI inference and security stack; potential to layer MCP security atop existing traffic. | [Company reports] |
| Wiz | Cloud security posture management (CSPM) and cloud-native application protection platform (CNAPP). | Late-stage private / Public | Comprehensive cloud asset discovery and risk assessment; could expand into agent infrastructure scanning. | [Company reports] |
| Docker | Containerization and developer platform. | Private | Deep developer workflow integration; potential to bundle or secure AI dev environments and agents. | [Company reports] |
The table illustrates a fragmented competitive map. Runlayer's primary competition is not a single entity but a collection of players approaching the problem from different angles. The landscape breaks into three segments. First, dedicated MCP infrastructure startups like Webrix, which compete directly on gateway functionality but lack Runlayer's published emphasis on enterprise security controls and threat detection. Second, broad cloud security incumbents like Wiz and Cloudflare, which have the scale and customer relationships to eventually build or acquire similar capabilities, but currently treat AI agent security as a feature within a larger portfolio. Third, adjacent platform players like Docker, whose control over the development environment could make them a natural consolidator for securing the tools built within it.
Runlayer's defensible edge today is its protocol-level expertise and first-mover validation within the specific MCP ecosystem. The advisory role of David Soria Parra, the lead creator of MCP, provides technical credibility and early insight into protocol evolution [TechCrunch, Nov 2025]. Furthermore, the team's collective experience building AI agents and integrations at Zapier constitutes a talent moat in understanding real-world agent deployment workflows. This edge is durable only if Runlayer can maintain its velocity and deepen its product integration faster than the protocol becomes a standardized feature within larger platforms. The early traction with several high-profile, engineering-led unicorns suggests this wedge is currently effective [TechCrunch, Nov 2025].
The company's most significant exposure is to platform expansion from below and above. From below, if the open-source OpenClaw community or MCP server developers bake basic security and permissioning directly into the protocol, it could obviate the need for a standalone layer. From above, a company like Cloudflare could announce an "MCP Security" module within its AI Gateway suite, leveraging its existing enterprise contracts and global network to immediately challenge Runlayer's value proposition. Runlayer also does not own the primary deployment channel; its success relies on developers and platform teams choosing to install and manage another security control plane, a hurdle that integrated platform vendors do not face.
The most plausible 18-month scenario involves market definition through partnership and segmentation. The winner will be the company that successfully converts early technical adoption into a standardized procurement workflow for enterprise security teams. If Runlayer can expand its footprint within its initial unicorn customers and land a strategic partnership with a major cloud provider or identity vendor (e.g., Okta), it becomes the de facto standard. The loser in this scenario is likely a pure-play MCP gateway like Webrix, which could be outflanked on security features by Runlayer and on distribution by broader platforms. Conversely, if enterprise adoption of MCP-based agents slows or fragments, all dedicated players lose to the bundled offerings of the large incumbents.
Data Accuracy: GREEN -- Competitor positioning confirmed by multiple public sources and company materials.
Opportunity
If Runlayer can establish itself as the default security and control plane for enterprise AI agents, the prize is a foundational position in a market that could rival the infrastructure stacks for cloud and identity.
The headline opportunity is to become the Okta for AI agents. The company's early traction suggests this is a reachable, not just aspirational, outcome. Runlayer's product is explicitly framed as an "Okta-style directory" for Model Context Protocol (MCP) servers, mapping agent permissions directly to user identities [news.aibase.com, 2026]. Securing a foundational protocol like MCP, which is becoming a standard for connecting AI agents to tools and data, creates a natural platform position. The involvement of David Soria Parra, a lead creator of MCP, as an advisor provides technical validation and potential influence over protocol evolution [TechCrunch, Nov 2025]. Early adoption by eight unicorn or public companies, including Gusto and Rippling, indicates that the core problem of securing and governing agentic AI is acute enough for sophisticated buyers to commit early [TechCrunch, Nov 2025]. This combination of protocol-level integration, a clear enterprise security model, and high-signal early customers lays a plausible path to category definition.
Growth will likely follow one of several concrete scenarios, each with identifiable catalysts.
| Scenario | What happens | Catalyst | Why it's plausible |
|---|---|---|---|
| Land-and-expand in regulated industries | Runlayer becomes a compliance requirement for AI deployments in finance and healthcare, with large enterprise-wide deals. | A major public breach of an AI agent at a peer firm, driving urgent security procurement. | The product's focus on real-time blocking, audit trails, and integration with existing identity providers directly addresses compliance needs [AI CERTs News, 2026]. Early customer Ramp operates in the financial sector [TechCrunch, Nov 2025]. |
| Become the embedded security layer for AI platforms | Major cloud providers or AI platform companies (e.g., OpenAI, Anthropic) white-label or deeply integrate Runlayer's ToolGuard technology. | The launch of a high-profile enterprise AI suite that lacks native, granular security controls. | Runlayer's ToolGuard is described as inspecting every MCP call in under 100 milliseconds, a performance benchmark that would be critical for platform integration [AI CERTs News, 2026]. The team's prior experience building at scale within Zapier provides relevant context [LinkedIn article]. |
What compounding looks like is a security and data flywheel. Each new enterprise customer adds more MCP server configurations, attack patterns, and usage data to the platform's threat detection models. The company claims its custom threat detection offers "roughly double the accuracy" of industry best, a claim that, if validated by customer deployments, would create a performance moat that improves with scale [Runlayer]. Furthermore, as the approved directory for MCP servers within an organization, Runlayer gains a distribution lock-in similar to identity providers; displacing it would require re-mapping permissions and security policies across every AI agent and tool. The early signal of this flywheel is the reported ability to detect "shadow" MCP servers across a corporate fleet, a capability that becomes more valuable as the sanctioned directory grows [techbuddies.io, 2026].
The size of the win can be framed by looking at comparable infrastructure security platforms. Wiz, a cloud security posture management company, reached a reported $10 billion valuation within a few years of founding by securing a new, complex infrastructure layer (the cloud) [Reuters, 2023]. While direct market sizing for MCP security is not yet established, the broader market for AI security platforms is projected to grow significantly. If Runlayer executes on the "land-and-expand" scenario and captures a leading share of the enterprise AI agent security segment, a multi-billion dollar outcome is plausible (scenario, not a forecast). The $11 million seed round led by Khosla Ventures and Felicis is a marker of investor confidence in that scale of opportunity [SecurityWeek, 2025].
Data Accuracy: YELLOW -- The core opportunity thesis is supported by public product descriptions, early customer logos, and team background. Specific performance claims (e.g., detection accuracy, block speed) originate from the company or affiliated technical blogs and require third-party validation.
Sources
[TechCrunch, Nov 2025] MCP AI agent security startup Runlayer launches with 8 unicorns, $11M from Khosla’s Keith Rabois and Felicis | https://techcrunch.com/2025/11/17/mcp-ai-agent-security-startup-runlayer-launches-with-8-unicorns-11m-from-khoslas-keith-rabois-and-felicis/
[SecurityWeek, 2025] Runlayer Emerges From Stealth Mode With $11 Million in Funding | https://www.securityweek.com/runlayer-emerges-from-stealth-mode-with-11-million-in-funding/
[LinkedIn, 2025] Runlayer Launches With $11 Million to Secure the Fast-Growing MCP Ecosystem | https://www.linkedin.com/pulse/runlayer-launches-11-million-secure-fast-growing-mcp-ecosystem-dubey-ptfec
[Runlayer] Enterprise MCPs, Skills, & Agents | Runlayer | https://www.runlayer.com/
[Runlayer] About Runlayer | The Simpler, Safer Way to Connect MCPs | https://www.runlayer.com/about
[news.aibase.com, 2026] The product uses an "Okta-style" directory, allowing IT departments to pre-approve MCP servers and map them to employee identities | https://news.aibase.com/
[AI CERTs News, 2026] ToolGuard inspects every MCP call and blocks credential exfiltration in under 100 milliseconds | https://aicerts.news/
[ClawHosters, 2026] Shadow MCP detection identifies unauthorized MCP servers running across company devices | https://clawhosters.com/
[techbuddies.io, 2026] OpenClaw Watch helps security teams find “shadow” Model Context Protocol (MCP) servers, essentially unmanaged agent backends, across the fleet | https://techbuddies.io/
[AI News, 2026] Within four months of launching its product in stealth, Runlayer signed dozens of customers, among them eight unicorns or publicly traded companies such as Gusto, Rippling, dbt Labs, Instacart, Opendoor, and Ramp | https://ai-news.com/
[LinkedIn article] Andrew Berman joined Zapier to lead its AI efforts after Vowel sold to Zapier in 2024 | https://www.linkedin.com/pulse/runlayer-launches-11-million-secure-fast-growing-mcp-ecosystem-dubey-ptfec
[MarketsandMarkets, 2025] The broader AI security market is projected to reach $35 billion by 2029 | https://www.marketsandmarkets.com/
[Gartner, 2024] The adjacent cloud security posture management (CSPM) market, which addresses a similar governance need for cloud infrastructure, was valued at over $6 billion in 2024 | https://www.gartner.com/
[Reuters, 2023] Wiz, a cloud security posture management company, reached a reported $10 billion valuation within a few years of founding | https://www.reuters.com/
Articles about Runlayer
- Runlayer Lands Eight Unicorns on Its $11 Million Bet for AI Agent Security — The MCP security platform, backed by Khosla Ventures and Felicis, is signing customers like Gusto and Rippling before the market fully forms.