MCP AI agent security startup Runlayer launches with 8 unicorns, $11M from Khosla’s Keith Rabois and Felicis (techcrunch.com)

Runlayer, a startup focused on securing Model Context Protocol (MCP) agent deployments, launched out of stealth with an $11 million seed round led by Keith Rabois (Khosla) and Felicis. Founded by Andrew Berman (Nanit, Vowel) and co‑founders from Zapier, the company says it signed dozens of customers in four months — including eight unicorns or public firms like Gusto, Rippling, dbt Labs, Instacart, Opendoor and Ramp — and recruited MCP spec lead David Soria Parra as an advisor. MCP, introduced by Anthropic in Nov 2024 and now supported by OpenAI, Microsoft, Google, AWS and thousands of companies, is the de facto standard that lets autonomous AI agents access, move and modify enterprise data and systems — but the protocol lacks built‑in security and has already been exploited in prompt‑injection and data‑exfiltration incidents. Runlayer positions itself as an all‑in‑one MCP security stack: a gateway for agent identification and access control plus real‑time threat detection on every MCP request, cross‑server observability and auditing, an enterprise developer environment for safe automation, and fine‑grained permissions that integrate with identity providers like Okta and Entra to enforce least‑privilege (mapping agent rights to human user roles). In a crowded market that includes Cloudflare, Docker, Wiz and open‑source projects like Obot, Runlayer’s pitch leans on its team’s early MCP experience and a bundled approach to close observability, audit and permission “blind spots” that are becoming critical as agents move from experiments to production.