On Monday, a new Model Context Protocol security startup called Runlayer launched out of stealth with $11 million in seed funding from Khosla Ventures’ Keith Rabois and Felicis.
It was created by third-time founder Andrew Berman (previous companies: baby-monitor maker Nanit and an AI video conferencing tool, Vowel, that sold to Zapier in 2024).
In the four months since Runlayer launched its product in stealth, it has signed dozens of customers, including eight unicorns or public companies like Gusto, Rippling, dbt Labs, Instacart, Opendoor, and Ramp, it says. It also nabbed David Soria Parra, the lead creator of MCP, as an angel and advisor, Berman tells TechCrunch. (Parra did not respond to our request for comment.)
Parra’s team at Anthropic launched the protocol in November 2024 as an open source project. MCP has since become the de facto standard for allowing AI agents to connect with the data and systems they need to work independently. It allows agents to access data, move it, alter it, and execute business processes without human oversight.
The protocol is now supported by every major model maker including OpenAI, Microsoft, AWS, Google as well as thousands of tech and enterprise companies; just to name a few: Atlassian, Asana, Stripe, Block, others ranging from banks to consumer goods manufacturers.
“Everyone talks about AI,” Berman, Runlayer’s CEO, told TechCrunch. “but AI is really only as useful as the tools and the resources it has access to.”
The problem is, the MCP protocol itself doesn’t include much security out of the box, so many MCP implementations have already been found to be vulnerable in a variety of ways.
Techcrunch event
San Francisco
|
October 13-15, 2026
The poster children are probably GitHub and Asana. In May, researchers at Invariant Labs discovered a prompt injection vulnerability in MCP servers that allowed them to grab data from private GitHub repositories (ones that shouldn’t have been accessible to the public). Asana discovered and fixed a vulnerability in its MCP server in June that could have exposed customer data. There’ have since been many more types of attacks found to work on common MCP server setups.
As you might expect, such security issues have given rise to numerous MCP security products, including products from big-name companies like CloudFlare, Docker and Wiz — as well as a host of star …