Runlayer Joins Anthropic, OpenAI, & Google as AAIF Founding Member ->
Back to blog
Jan 23, 2026
 • 
Engineering

Runlayer Product Update: 1.25.0

This update is about momentum: moving faster in the CLI, getting clearer visibility into what’s running, and debugging with less friction. Expect smoother workflows, better control, and fewer surprises as you build and ship.

Highlights

Catalog & Runlayer Deploy Updates

  • New connectors added: Braintrust, Gong, Snowflake (with full OAuth support!), Lever, Workday, Salesforce, Socket.dev, Scanner.dev, Amplitude, HuggingFace, BrowserUse, Heroku, CrowdStrike Falcon, and Microsoft Agent 365
  • Runlayer Deploy now lets you launch supported connectors straight from the Catalog - fewer steps and less copy/paste to get a server running.
  • Clearer deployment status makes it easier to tell when a deployment is finished vs when the server is actually ready after cold starts. Includes a new Trigger Deployment button for manual re-deployments.

MCP Watch: plug into your current MDM to uncover shadow MCP

  • Admins can now see where unmanaged ("shadow") MCP servers are being configured on devices—plus trends over time and where managed alternatives exist.
  • MCP Watch Re-analysis: Admins can now trigger re-analysis of discovered servers directly from the UI.
  • MDM-friendly deployment: a lightweight, self-contained script that keeps itself updates and runs on whatever schedule you define—completing in under 10 seconds.
  • Shadow MCP discovery is surfaced in Analytics, including discovery trends and "managed available" migration opportunities.
  • Shadow MCPs are categorized to help you prioritize: new/unknown servers vs "managed available" servers you can migrate to Runlayer-managed alternatives.
  • Click through to see affected users and drill down into audit logs for investigation.

Connector metrics: tool call health, usage, and performance

  • A new Metrics tab on connector details makes it easier to understand how a connector is behaving over time.
  • Track tool call success rate and failures, plus security violations.
  • See which tools are most used, slowest, or most failure-prone—and which clients are driving traffic.

Agents Accounts (Beta): programmatic access for your AI apps

  • Agents Accounts let you register AI applications as first-class clients in Runlayer, so they can authenticate programmatically and call MCP tools through the platform.

Microsoft Agent 365 Integration

  • Full OAuth broker support and catalog servers for Microsoft Agent 365, making it easy to connect your Microsoft-powered AI agents to Runlayer.

Skills: safer authentication and smoother setup

  • Skills now support OAuth authentication, expanding what can be connected safely and reducing setup friction in more environments.
  • OAuth-authenticated Skills enable more secure connections without relying on long-lived secrets.
  • Skills UX continued to improve, including better control over tooling behavior and setup flows.

For the complete list of changes, visit the Changelog.

Jan 23, 2026
 • 
Engineering
Read more
Announcing Box and Runlayer's partnership on Enterprise MCP
Connect AI agents to Box content with enterprise security. The official Box MCP server is live in the Runlayer marketplace, with identity enforcement, audit logging, and threat detection built in. Box customers can find Runlayer in the Box Integrations Center. Setup takes minutes.
Jan 27, 2026
 • 
Aidan Sochowski
MCP vs CLI Tools: Which is best for production applications?
CLI tools feel familiar to AI agents, but they break down in production due to brittle syntax, poor state management, and dangerous security assumptions. This post explains why CLI-based agent workflows fail and how a single-tool MCP using a known programming language offers a more reliable and secure alternative.
Jan 25, 2026
 • 
Vitor Balocco
MCP Prompt Injection Attacks: How to Protect Your AI Agents
Two near-invisible prompt injection attacks showed how attackers can bypass default enterprise guardrails and trigger silent, ongoing data exfiltration by exploiting user and model trust. Runlayer blocks these attacks by treating every input as untrusted until it passes continuously updated security models trained on the latest real-world exploits.
Jan 19, 2026
 • 
Jake Moghtader
Cursor Hooks + MCP Security: Official Runlayer Partnership Announcement
Runlayer is an official Cursor Hooks launch partner. With Cursor Hooks, securely allow or deny MCP tool calls with Runlayer's enterprise MCP platform.
Dec 18, 2025
 • 
Marcin Jan Puhacz
The main takeaways from GitHub’s MCP Vulnerability
GitHub’s MCP vulnerability revealed how AI agents can be weaponized through poisoned context in public repositories. This post analyzes the exploit, explains why permissions alone aren’t enough, and shares practical guardrails for preventing and mitigating agent-driven data exfiltration.
Dec 16, 2025
 • 
Vitor Balocco
Runlayer Joins Anthropic, OpenAI, & Google as AAIF Founding Member
The Linux Foundation has launched the Agentic Artificial Intelligence Foundation (AAIF), with Runlayer joining sponsors Anthropic, OpenAI, Google, AWS, Microsoft. AAIF now oversees the Model Context Protocol (MCP), reinforcing MCP as a rising standard for AI agent integration. Runlayer supports AAIF’s open, secure, and scalable AI development mission.
Dec 9, 2025
 • 
Andy Berman
Runlayer Raises $11M to Scale Enterprise MCP Infrastructure
Nov 17, 2025
 • 
Andy Berman
MCP Security Risks: Your AI Agent is Probably Leaking Data Right Now
MCP adoption is accelerating across major platforms, but security risks—like malicious servers, prompt injection, and tool-level exploits—are growing just as fast. This post breaks down real attack scenarios that show how easily data can leak when MCP implementations are trusted by default. It also outlines practical defenses for users and builders, plus why companies need audited MCP catalogs, gateway proxies, and sandboxing to stay secure at scale.
Nov 12, 2025
 • 
Vitor Balocco
Why MCP builders are transitioning from DCR to OAuth CIMD
Over the last year, MCP has surged in adoption. To little surprise, this has introduced some scaling issues. One of these is client registration; previously, systems were rigged together by humans. Today, AI agents discover and interface with MCP servers freely, requiring a new paradigm for client communications.
Nov 7, 2025
 • 
Vitor Balocco
What is Dynamic Client Registration?
Tired of manually registering every AI agent with every OAuth server? Dynamic Client Registration (DCR) lets your agents authenticate with MCP servers at runtime, no human clicks required. Learn how DCR works, when to use it over traditional OAuth, and why it's becoming essential for scalable agentic systems.
Nov 6, 2025
 • 
Vitor Balocco
Agents and Work. Connected.

Runlayer makes it easy to create, host, and scale MCP servers across your organization. Local or remote, every server is secure, discoverable, and simple to manage.

Get an AI summary of this page
OpenAI logo featuring an abstract geometric knot design.Abstract symmetrical starburst shape with multiple elongated rounded spikes radiating from the center in dark gray.Abstract geometric logo consisting of symmetrical angular lines forming a star-like shape.
Solutions
Company
Resources
Connect
© Copyright 2026 Anysource Inc.
SOC 2 Certified
HIPAA Certified
Terms of Service
Privacy Policy