Every enterprise AI deployment has a moment where someone asks the security question. Who controls what the agent can access? What happens if it is compromised? How do we audit what it did?
For AI agents operating through the Model Context Protocol, those questions do not have clean answers yet. Runlayer raised $11 million in November 2025 to build them.
The seed round was led by Khosla Ventures via Keith Rabois and Felicis Ventures. Runlayer builds security infrastructure specifically designed for MCP implementations: the layer that handles authentication, authorisation, audit logging, and threat monitoring when AI agents connect to enterprise systems.
The Security Gap in the MCP Stack
The Model Context Protocol solves a real problem. It gives AI agents a standardised way to connect to external tools and data sources. Before MCP, every integration was a custom build. After MCP, an agent can theoretically connect to any MCP-compatible system without bespoke engineering.
But standardisation at the connection layer creates new risks at the security layer.
An AI agent with MCP access to your CRM can read customer data. An agent with access to your file storage can read contracts. An agent with access to your code repositories can read proprietary software. If those connections are not properly scoped, monitored, and audited, you have a new category of risk sitting inside your enterprise AI infrastructure.
The problem is not hypothetical. Traditional software accesses systems with well-defined service accounts, explicit permissions, and audit trails that compliance teams understand. AI agents are different. They can be instructed to do things their initial scope did not anticipate. They can be manipulated through adversarial inputs. And because they operate in natural language, their instructions are harder to govern than a list of API calls.
Runlayer’s thesis is that as MCP adoption scales across enterprises, every deployment becomes a security surface that needs the same kind of governance that organisations apply to network access, identity management, and data classification.
Why Khosla and Felicis Backed This
Keith Rabois at Khosla Ventures has a track record of backing security-adjacent infrastructure at the point where a new technology category starts generating enterprise risk that the market has not yet priced in.
The pattern here is recognisable. A new connectivity technology gets adopted fast, creates widespread access to sensitive systems, and eventually produces an incident that makes security a board-level concern. The security companies that are positioned before that incident happens capture significant value when enterprise procurement shifts to require them.
With MCP at 97 million monthly SDK downloads and adoption by every major cloud and AI provider, the volume of enterprise MCP deployments is already meaningful. The security infrastructure to govern those deployments is still thin.
Runlayer’s position is that it can own the security layer before the incident that makes this an urgent board conversation.
What Businesses Should Be Thinking About
If your organisation is deploying AI agents that connect to internal systems through MCP, the security posture question is worth addressing now rather than after a problem surfaces.
The specific questions worth asking are straightforward. What systems can your AI agents access via MCP? Is that access scoped to what the agent actually needs, or is it broader because broader was easier to configure? Do you have audit logs of what your agents did with that access? Can you detect anomalous access patterns in real time?
Most organisations deploying AI agents today have not fully answered these questions. That is a reasonable place to be in 2026, when the category is still maturing. But the window for treating enterprise AI security as an afterthought is closing. The volume of agent deployments, the sensitivity of the systems they connect to, and the regulatory attention on enterprise AI governance are all moving in the same direction.
Runlayer is not the only way to address this. But the fact that Khosla-backed security infrastructure for MCP exists and is well-funded tells you that serious investors believe the market for it is real and growing.
Enterprise DNA helps businesses design AI agent deployments with the security and governance structures that enterprise operations require. Talk to us before you deploy at scale.
Source
Yahoo Finance