Why AI Agent Governance is the New SaaS: Inside Runlayer's $30M Bet
On June 24, 2026, Runlayer closed a $30 million Series A led by Felicis, with Khosla Ventures aggressively fighting for every available dollar. The capital injection brings the company's total funding to $42 million. That same afternoon, Italian startup Seltz secured a $12.5 million seed round to build a web knowledge API expressly for AI agents, bypassing human search entirely. Meanwhile, in Shenzhen, Tencent began testing "Dayuan," an enterprise agent powered by DeepSeek’s V4 model, natively integrated into WeChat Workplace.
These parallel events signal a profound shift. The enterprise software stack is being rewritten not because models are getting smarter, but because the basic physics of corporate control have broken down.
For twenty-five years, enterprise governance relied on a stable premise: humans use applications; applications expose permissions; IT governs access; and security audits the trail after the fact. Single sign-on, role-based access, and data loss prevention all assume a human hand on the mouse.
Agentic systems shatter this architecture.
An agent isn't an application, nor is it merely a user. It is a delegated actor capable of interpreting intent, selecting tools, traversing systems, and generating operational consequences at machine speed. When an AI is connected to the Model Context Protocol (MCP)—the Anthropic-pioneered standard acting as a universal connector for agentic tools—it can dynamically access hundreds of corporate systems.
This fundamentally alters the attack surface. Security research now identifies tool poisoning, prompt injection via metadata, and protocol-level trust propagation as architectural flaws in the MCP standard, not just implementation bugs. If an employee clicks "export" on a customer database, the system logs the user. If an agent infers it must export that same database to fulfill a vague prompt, traditional security tools are blind to the distinction. Gartner warns that by 2027, 40% of enterprises will be forced to pull agents offline due to catastrophic governance failures.
The Illusion of Control in the Age of Delegation
The gap between deployment and control is vast. While 74% of enterprises expect extensive agent use by next year, barely a fifth have mature governance in place. Fortune 500 companies are projected to deploy over 150,000 production agents by 2028. Right now, most are flying blind.
Runlayer, led by founder Andy Berman, is betting the house on closing this gap. They are pitching a unified control plane that sits between the five to twenty AI clients a typical enterprise runs—whether IDEs, chat interfaces, or Salesforce Agentforce—and the corporate data they touch. Early adopters like Gusto, Instacart, and dbt Labs are buying in because they refuse to build bespoke Model Context Protocol gateways from scratch. They demand fine-grained permissions, threat detection, and real-time observability.
The bull case for Runlayer is compelling: as enterprises deploy a fragmented mess of different models and frameworks, a vendor-neutral governance layer becomes the ultimate tollbooth. By observing agent behavior across departments, they build an unrivaled map of corporate AI risk and productivity.
Skeptics argue this is a feature, not a company. Identity titans, cloud providers, and the model builders themselves will inevitably try to absorb this layer. Furthermore, many early governance tools are little more than compliance theater—expensive dashboards and retrospective audit logs that do nothing to stop a rogue agent in motion.
Owning the Moment of Action
The structural reality is that governing an agentic workforce demands an entirely new paradigm. Enterprises must stop treating agents like software applications and start managing them like delegated employees.
Blanket AI policies will fail. Governance must be risk-tiered based on an agent’s actual autonomy, its blast radius, and the reversibility of its actions. An agent drafting marketing copy requires fundamentally different oversight than one authorized to execute vendor payments.
Over the next 36 months, the market will violently consolidate. Startups selling fear and policy wrappers will die out. The survivors won't just log what went wrong—they will sit directly in the execution path, enforcing boundaries before a catastrophic API call is ever made.
The ultimate prize will not go to the company that builds the smartest agent. It will go to the company that owns the exact millisecond an agent is about to act.
not investment advice
Sources: https://www.runlayer.com/blog/series-A-30m-fundraise-felicis-khosla