How Enterprises Become AI-Native

When we first invested in Runlayer's seed (opens in new tab), the question was whether AI agents could be made secure enough for the enterprise. The protocol had opened a door most enterprises could see but couldn’t get a grasp on: real productivity gains on one side, unresolved runtime security problems on the other. Runlayer was building the missing control layer.

Since then, the question has changed.

Enterprises are no longer asking whether agents can work. They are asking whether their organizations can safely operate around them. The two questions are not the same. Eighty-eight percent (opens in new tab) of companies already use AI somewhere in the business, but very few have changed how work actually gets assigned, executed, and measured. A small group of power users keeps pulling further ahead while most employees still experience AI as a better writing assistant or search box. The bottleneck isn't the model. It's the operating layer underneath: how work gets delegated to agents, how authority is scoped, and how enterprises maintain visibility and control as AI spreads across the organization.

Enterprises will not become AI-native by mandate, and they won't get there through prohibition. Lock agents down too tightly and employees route around the system. Open the gates without structure and security loses track of which agents are running, what they can access, and on whose behalf. The companies that succeed will be the ones that make the sanctioned path the easiest path.

That is the product Runlayer has built. Runlayer brings AI enablement and control together in a single platform.

Today, we're proud to announce that Felicis is leading Runlayer's Series A.

From MCP gateway to agent control plane

At an AI buyer dinner Felicis hosted earlier this year, an executive at a public company came up to Jake, unprompted, and said Runlayer had the strongest product-market fit he'd ever seen.

When we invested in the seed, Runlayer gave enterprises a safer way to run MCP. Today, it is becoming the layer between enterprise agents and the systems, tools, and data they touch.

Employees launch agents from Slack or the workspaces they already use, connect them to MCP servers and AI clients, and have those agents act with permissions tied to the delegating user rather than unmanaged credentials.

For the AI enablement teams that are the primary buyer, the product is a golden path: a control plane for distributing approved capabilities, tracking adoption, and tying identity, permissions, policy enforcement, and real-time visibility to every agent action. Security teams, the second buyer, govern that same work through models trained to catch prompt injection, tool poisoning, output manipulation, exfiltration, and intent drift. Runlayer Watch surfaces the shadow MCPs, plugins, and unmanaged agents a company didn't know it had, then routes employees back onto the golden path instead of relying on blunt bans.

Customers across industries are asking for the same kind of thing from AI: agents that can run meaningful work in the background such as closing the books, triaging tickets, and running analysis, all without a human approving every step. The hard part is building the secure platform underneath, which is what Runlayer is providing.

Customers have followed. Six months after its public launch, Runlayer is now deploying across xx of customers including 12+ unicorns ( Instacart, Gusto, Decagon, Opendoor, dbt Labs, AngelList, Lemonade). Headcount has grown to 40+, with engineers and operators arriving from NVIDIA, Databricks, Snowflake, Uber, Meta, Block, Palo Alto Networks, Glean, and Zapier.

Runlayer is the team that security leaders trust with agent autonomy

The most technical, security-conscious enterprises in the world are turning to Runlayer because it solves a very hard operating question, namely, enabling agents to do useful work without losing control of permissions, data movement, identity, and auditability.

Runlayer’s biggest competitive advantage is the team leading the company. Co-founder and CEO Andrew Berman (opens in new tab) is a three-time founder. Most recently he ran AI at Zapier, where he shipped the first remote MCP server and built AI Actions for millions of users in partnership with OpenAI and Anthropic. His co-founders Tal Peretz (opens in new tab) and Vitor Balocco (opens in new tab) understand the AI stack end to end, from protocol and runtime behavior to product surface and enterprise deployment. Runlayer has partnered with Anthropic and with the people who built MCP itself: David Soria Parra (opens in new tab), who authored the spec, and Theo Chu (opens in new tab), the original MCP PM. Both are also angels in the round, alongside a syndicate of operators building the agent stack: Cursor's Travis McPeak (opens in new tab), Ben Lang (opens in new tab), and Eric Zakariasson (opens in new tab); dbt Labs founder Tristan Handy (opens in new tab); Neon founder Nikita Shamgunov (opens in new tab); and Ely Kahn (opens in new tab), now chief product officer at Okta.

Every employee gets a team of agents

The agent gateway is the starting point. The harder work is rebuilding how the enterprise operates around agents, rather than bolting them onto the company you already have.

Here's how Andrew sees the next few years. AI-native stops being a strategy and becomes the baseline. Every employee, not only engineers or power users, directs a swarm of agents as a normal part of the day. People go from asking AI questions, to delegating tasks, then directing agents, finally supervising agents that run whole missions on their own. Humans keep the goals, the judgment, the exceptions. The agents do the execution, overnight included. One Runlayer customer put it more plainly: "AI transformation is when the agent did it while you slept."

That future only holds together if every one of those agents — tens, sometimes hundreds per person — has an identity, permissions, and security underneath it. Without that layer the swarm is a liability. With it, capacity stops being capped by headcount, and security, compliance, audit, and HR can manage agents on the same surface they already use to manage people.

That's what Runlayer is building. This Series A funds the engineering and field teams to get there: agent runtime, identity, policy, observability, and the support enterprises need as they standardize on the platform.

To Andy, Tal, Vitor, and the Runlayer team: we're proud to keep partnering with you as enterprises move from experimenting with agents to operating with them.