Andy Berman

@maryhelenehall @runlayer We’re based in NYC

@berman66 @runlayer Hello! I am a journalist based in Birmingham, Alabama. Seedtable lists Runlayer as a Birmingham startup, but I wasn't able to find any other info online that verifies that. Do y'all have any local connections? seedtable.com/startups/Runla…

This week, our team celebrated in Times Square: 5,000,000+ MCP calls secured with @Runlayer. That’s a massive milestone, with a massive billboard. AI is moving at breakneck speed, and we love that. But every new tool introduces new security risks. We’re building Runlayer so no organization has to choose between adopting AI and protecting what they’ve built. 5,000,000+ secured MCP calls means thousands of agents, workflows, and AI products running with real guardrails in place. It means peace of mind for our enterprise customers like Gusto & Opendoor. Huge congrats to the team. And a genuine thank you to our customers.

@notablecap @runlayer Announcement here: runlayer.com/blog/rising-in…

Some news: we're on @NotableCap's 2026 Rising in Cyber list of AI startups. @Runlayer is quickly becoming the agent platform of choice. We're making it easy for every employee to become AI-native, securely. To me, seeing our name in front of the NYSE validates that mission.

Most CIOs I talk to have killed at least one agent pilot this year. I have yet to see one die because of the model. Gartner says 40% of enterprise apps will have agents by the end of this year. They also say 40% of those agent projects will be canceled by 2027. Most people read those two numbers and assume the cancellation rate is a model quality problem. It is not. The models are fine. The pilots that die in production die for the same handful of reasons every time. - Nobody owns the permission model. - The orchestration breaks on the third tool call. - The logs answer "something failed" but not "what." - Security lives in a system prompt. Governance lives in a slide. None of those sit at the model layer. The teams that ship in the next twelve months are the ones who stopped waiting for the model to fix problems that belong one layer up. The teams that keep waiting are the 40%.

In the last two weeks: ServiceNow shipped Action Fabric, AWS MCP Server hit GA, Microsoft moved Agent 365 to GA. The agent execution layer is the new cloud. Ignore it now, pay for it in 2027.

@FredrikHjelm4 @paulg @GEVS94 @antonosika @joelhellermark @MartinLorentzon @FabianHedin @mradamjafer @jschildt @MaxJunestrand @eldsjal 🇸🇪

@berman66 @paulg @GEVS94 @antonosika @joelhellermark @MartinLorentzon @FabianHedin @mradamjafer @jschildt @MaxJunestrand @eldsjal Door is always open for you Andy

Same week in Forbes: "Is Stockholm the hottest startup city in the world right now?" Probably yes. @paulg flew here to host a massive event for founders. An a16z partner @GEVS94 took nine flights from New York to Stockholm in a single year. Lovable hit $100M ARR in eight months from a small office in central Sthlm. So how did this happen? Talent. Technology is downstream from science, which is a talent game. We have a strong engineering history, and a dense concentration of people in Stockholm who have done the full journey multiple times over the last 20 to 25 years. They build new companies, write the first checks into others, and drag founders into their networks before those founders even know they need the introduction. Capital. Stockholm is the capital of capital in Europe. From angel investing to EQT and Nordic Capital at the top of private equity, to the large consolidated pension funds that anchor late-stage equity and debt. The stack is almost (bar from late stage growth capital) full. Regulations. The regime is predictable, which matters more than people admit. We still need better employee incentive schemes and a cleaner path for skilled foreign talent to come and stay. But the current government is genuinely supportive of the builder community, and that's not nothing. Culture. Swedes love when other Swedes succeed, and not just in sport and music. Also in business. That's different from most of Europe. Make a lot of money, but don't flash it, don't act like you're better than anyone else. The flywheel is spinning faster than it ever has. More people building from more backgrounds. International capital here every week hunting for the next Lovable.

@dsp_ Wisdom of crowds always leads to mean reversion

Got fed up about how we vote as the MCP Core Maintainers on changes, so I built my own platform: voting.modelcontextprotocol.io with a list of public votes, discord notifications, etc. It’s good, minimalistic and the least amount of process we need without being a hassle.

sir, this is Azure console

MCP is necessary for the enterprise. CLI doesn't work or scale for management. APIs weren't built for agents. Model improvement doesn't fix prompt injections or 100s of other security issues. MCP + secure control plane. I can't see it any other way. x.com/signulll/statu…

OpenAI rewarded creature metaphors while training one personality. The behavior leaked across every personality. Their fix: a system prompt that says 'never talk about goblins.' RL rewards don't stay where you put them. Neither do agent permissions openai.com/index/where-th…

Full case study here: runlayer.com/customers/gusto

"Who uses Runlayer at Gusto? Everybody." Legal, HR, finance, engineering and the executive team. "Take this data in Salesforce, send this Slack, draft this email, go!" One interface, one conversation. Works with whatever client they're in: Codex, Claude Code, take your pick. Once people see what's possible, they don't go back. Watch Mike Wittig, Gusto's CISO & CIO, break it down in 80 seconds. 👇

@lifeof_jer Hooks + runtime models to make sure the alignment is correct

@berman66 Tell me more. I’m interested. M

This is the exact reason we built Runlayer. Everyone wants to move faster, no one wants to delete prod.

@TobinSouth The best part is there is still a few times a day you forget this exists.

I still am not over the fact that I have an app on my phone that can just answer any question from all of human knowledge and talk it through with me. wild.

New blog: Building agents that reach production systems with MCP. When should agents use direct APIs vs CLIs vs MCP? Plus patterns for building MCP servers, context-efficient clients and pairing MCP with skills. claude.com/blog/building-…

You only inherit this exposure if your MCP runtime takes raw command strings from config. If your runtime does this, you are not production-ready in the first place. Put MCP behind a control plane that treats the config file as untrusted input

This is "expected" behavior at the spec layer, but not at the production layer. No enterprise should worry about this type of attack. An allowlisted control plane would stop this, we specifically designed @Runlayer this way

Too many don't understand this. Configs should not get blanket trust. That's the production control plane's job. If you don't have a control plane, you don't have secure MCP. We specifically designed @runlayer this way, to securely run enterprise MCP