Overview
Runlayer is the enterprise control plane for MCP servers, skills, and agents. It gives organizations a single place to host, govern, and secure the AI tools their employees rely on — across clients like Cursor, Claude Code, ChatGPT, and VS Code — without forcing users to change their workflows. The platform combines a curated catalog of vetted MCP servers with real-time threat detection, identity-aware access control, and full observability across every agent action.
Classification
- Coverage surface: MCP, Endpoint, SaaS, Cloud, Data/DB, API
- Stage: Launched
- Type: Commercial
- Target audience: Enterprise
- Deployment: SaaS, Self-hosted, Hybrid
Technical profile
Spec-grounded axes, verified by the TWG.
- Interception architecture (R1): Protocol Gateway, SDK Instrumentation
- Policy model (R3): Hybrid
- Authorization decisions (R4): ALLOW, DENY, MODIFY, STEP_UP, DEFER
- Conformance level: Extended (R1–R9)
Conformance review
| R1 | Pre-execution interception | ✅ |
| R2 | Context accumulation | ✅ |
| R3 | Policy evaluation with intent alignment | ✅ |
| R4 | Five authorization decisions | ✅ |
| R5 | Tamper-evident receipts | ✅ |
| R6 | Identity binding | ✅ |
| R7 | Semantic distance tracking | ✅ |
| R8 | Telemetry export | ✅ |
| R9 | Least privilege enforcement | ✅ |
Platform capabilities
- MCP gateway that proxies every tool call with real-time policy enforcement
- Shadow detection and enforcement at the endpoint level via MDM and EDR
- Purpose-built ML threat detection models trained on MCP-specific attacks
- Deep identity integration with Okta, Entra, SSO, and SCIM
- Tamper-evident audit logs of every agent action and tool call
- Slack-based human-in-the-loop approval workflows for sensitive actions
- Semantic distance tracking across long agent task horizons (R7)
- Telemetry export to Splunk, Datadog, Honeycomb, and S3 (R8)
- Least-privilege credential and tool scoping at execution time (R9)
Architecture
Runlayer enforces AARM requirements through two complementary interception patterns. The primary gateway pattern sits between AI clients and MCP servers, proxying every tool call through a control plane where policies and ML security models evaluate the request before it reaches downstream systems. A secondary shadow pattern extends visibility and enforcement to endpoints, so activity originating on local developer machines is brought under the same policy surface. Context accumulation is handled through full session reconstruction across clients and tools, giving the platform end-to-end visibility into agent intent and actions across the full lifecycle. Authorization decisions, identity bindings, and policy evaluations are written to an append-only audit layer.
Key facts
| Founded | 2025 |
| Funding | $11M seed (Khosla, Felicis) |
Maintained by the Runlayer team. Conformance verified by the AARM working group.