MCP AI agent security startup Runlayer launches with 8 unicorns, $11M from Khosla’s Keith Rabois and Felicis

Summary

On Monday, a new Model Context Protocol security startup called Runlayer launched out of stealth with $11 million in seed funding from Khosla Ventures’ Keith Rabois and Felicis. It was created by third-time founder Andrew Berman (previous companies: baby-monitor maker Nanit and an AI video conferencing tool, Vowel, that sold to Zapier in 2024). In the four months since Runlayer launched its product in stealth, it has signed dozens of customers, including eight unicorns or public companies like Gusto, Rippling, dbt Labs, Instacart, Opendoor, and Ramp, it says. It also nabbed David Soria Parra, the lead creator of MCP, as an angel and advisor, Berman tells TechCrunch. (Parra did not respond to our request for comment.) Parra’s team at Anthropic launched the protocol in November 2024 as an open source project. MCP has since become the de facto standard for allowing AI agents to connect with the data and systems they need to work independently. It allows agents to access data, move it, alter it, and execute business processes without human oversight. The protocol is now supported by every major model maker including OpenAI, Microsoft, AWS, Google as well as thousands of tech and enterprise companies; just to name a few: Atlassian, Asana, Stripe, Block, others ranging from banks to consumer goods manufacturers. “Everyone talks about AI,” Berman, Runlayer’s CEO, told TechCrunch. “but AI is really only as useful as the tools and the resources it has access to.” The problem is, the MCP protocol itself doesn’t include much security out of the box, so many MCP implementations have already been found to be vulnerable in a variety of ways. Techcrunch event San Francisco | October 13-15, 2026 The poster children are probably GitHub and Asana. In May, researchers at Invariant Labs discovered a prompt injection vulnerability in MCP servers that allowed them to grab data from private GitHub repositories (ones that shouldn’t have been accessible to the public). Asana discovered and ...