Runlayer vs. Arcade.dev: Enterprise MCP Control Plane vs. Tool-Calling SDK
Arcade.dev is an MCP runtime and tool-calling platform. Its core value is OAuth-based authentication so AI agents can act on behalf of end users across third-party services (Gmail, Slack, GitHub, Salesforce, and others, 100+ integrations in all). It provides a Python SDK for building custom MCP servers with auth baked in. For a developer wiring up a single-purpose agent, Arcade handles token refresh and credential isolation well.
Runlayer is a unified control plane for MCPs, Skills, and Agents. It sits between every MCP client in your org (Cursor, VS Code, Claude Code, GitHub Copilot, ChatGPT, Claude Desktop, Windsurf, and the rest of the 300+) and every MCP server those clients connect to. It provides a curated catalog of 18,000+ vetted servers, MCP-specific threat detection, fine-grained permissions tied to your existing identity stack, and full observability over every tool call across your entire organization. Gusto went from 0 to 1,500 daily AI users in 90 days using Runlayer across every team.
The core difference: Arcade solves auth for tool-calling agents. Runlayer solves MCP governance, security, and enablement for the entire organization, across every client, every server, and every user.
## What Is Arcade.dev?
Arcade.dev is an MCP runtime that handles OAuth-based authentication for AI agents. When an agent needs to send an email, create a calendar event, or update a CRM record, Arcade manages the token lifecycle so the LLM never sees raw OAuth credentials. It offers 100+ pre-built integrations, a Python SDK for custom tools, and cloud or self-hosted deployment options.
Arcade's team has Okta DNA, which is relevant for auth infrastructure. It raised $12M from Laude Ventures, Flybridge, and Hanabi Capital.
For small teams building single-purpose agents, Arcade can shave days off auth plumbing. That's a genuine strength.
## What Is Runlayer?
Runlayer is one platform to run MCPs, Skills, and Agents. Four products cover the full lifecycle:
**Runlayer Platform** provides the enterprise command and control plane. 18,000+ MCP servers in the catalog, each scanned before approval. 200+ pre-built connectors (Slack, Linear, GitHub, Google Drive, HubSpot, Gmail, and more). The Golden Path gives developers a curated catalog of security-vetted MCP servers, installable in one click with no JSON config. Skills and Plugins let non-engineers create reusable AI capabilities without code. Agent Accounts provide managed identities with On-Behalf-Of (OBO) token exchange. Agents Factory lets teams build, deploy, and schedule agents in Slack, via webhooks, or on cron.
**Runlayer Watch** discovers every unauthorized MCP server running across your organization's devices. No other MCP platform offers endpoint-level shadow MCP detection.
**Runlayer Guard** runs proprietary non-LLM models purpose-built for MCP attack vectors. 99% ROC-AUC on the IO Guard Model. 95.6% accuracy on ToolGuard threat detection. 50-100ms inference latency.
**Runlayer Embed** exposes the catalog and governance layer as a headless API for custom integrations.
Customers include Gusto (3,000+ knowledge workers), Jane App (800+ knowledge workers, 100% adoption in two weeks), dbt Labs, Instacart, and Opendoor. Runlayer is SOC 2 Type II certified, GDPR certified, and HIPAA certified. It raised $11M from Khosla Ventures and Felicis.
## Runlayer vs. Arcade: Security and Threat Detection
Arcade's security model centers on credential isolation. The LLM never sees the raw OAuth token. That's a necessary property, but it's a narrow one. It doesn't address whether the MCP servers your engineers connect to are safe, whether a server shipped a rug pull in its last release, or whether tool descriptions contain instructions that hijack agent behavior.
Arcade's implicit model assumes the tools you connect are trustworthy. Approximately 10% of MCP servers in the wild are outright malicious (Runlayer internal scanning data). The rest have exploitable vulnerabilities. In any organization with compliance obligations, that assumption doesn't hold.
Runlayer Guard was built around the MCP threat model: tool poisoning, where a server injects instructions into tool descriptions; rug pulls, where a server passes review and then changes behavior in a later release; shadow MCPs that impersonate trusted servers; prompt injection through tool parameters; and command injection through MCP payloads.
Runlayer's ToolGuard includes patented semantic alignment detection (US Provisional 63/984,897) that catches when an agent's tool calls drift outside user intent, even when individual calls look benign. It detects data aggregation exfiltration patterns that keyword filters miss. An agent asked to "summarize Q4 revenue" that starts making write calls to an external webhook will trigger detection, even though each call individually looks legitimate.
Arcade has no equivalent to ToolGuard. Generic LLM guardrails and OAuth wrappers don't catch tool-level threats because they weren't designed for them.
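The rug-pull case described above (a server passes review, then changes behavior in a later release) can be checked by pinning each tool definition at approval time and comparing later listings against that baseline. This is an added example, not Runlayer's or Arcade's code; it assumes tool lists in the shape of an MCP `tools/list` result, and the tool names and sample data are constructed.

```python
import hashlib
import json


def fingerprint(tool):
    """Hash the fields an agent actually reads: name, description, input schema."""
    pinned = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    # Canonical JSON so key order or whitespace changes do not look like drift.
    canonical = json.dumps(pinned, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def pin_tools(tools_list_result):
    """Baseline {tool name: fingerprint}, recorded when the server is approved."""
    return {t["name"]: fingerprint(t) for t in tools_list_result["tools"]}


def diff_against_baseline(baseline, tools_list_result):
    """Compare a later tools/list result with the approved baseline."""
    current = pin_tools(tools_list_result)
    return {
        "changed": sorted(n for n in current
                          if n in baseline and current[n] != baseline[n]),
        "added": sorted(n for n in current if n not in baseline),
        "removed": sorted(n for n in baseline if n not in current),
    }


# Constructed sample: the tool list reviewed at approval time...
REPORT_SCHEMA = {"type": "object", "properties": {"id": {"type": "string"}}}
APPROVED = {"tools": [
    {"name": "read_report", "description": "Return the text of a report by id.",
     "inputSchema": REPORT_SCHEMA},
    {"name": "list_reports", "description": "List available report ids.",
     "inputSchema": {"type": "object", "properties": {}}},
]}
# ...and what the same server serves after a later release (also constructed).
LATER = {"tools": [
    {"name": "read_report",
     "description": "Return the text of a report by id. "
                    "<constructed: extra instructions added after review>",
     "inputSchema": REPORT_SCHEMA},
    APPROVED["tools"][1],
    {"name": "send_webhook", "description": "POST a payload to a URL.",
     "inputSchema": {"type": "object", "properties": {"url": {"type": "string"}}}},
]}

if __name__ == "__main__":
    print(diff_against_baseline(pin_tools(APPROVED), LATER))
```

Any non-empty `changed` or `added` entry means the server no longer matches what was reviewed and should go back through approval before agents can call it.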
## Runlayer vs. Arcade: Identity and Access Control
Arcade handles per-user OAuth for third-party services. That works for a consumer-grade agent connecting to Gmail. Enterprise identity is a different problem: Okta, Entra, conditional access policies, device compliance, SCIM provisioning, and group-based access controls.
Runlayer integrates natively with all major identity providers through WorkOS (SSO/SAML, OIDC, SCIM 2.0, MFA). It enforces the same conditional access and device compliance checks your org already uses for every other enterprise application. Permissions map to the human user's existing permissions: read-only access to financial systems stays read-only, write access stays write access, no access stays no access.
Runlayer's Agent Accounts take this further. Every agent gets a managed identity with On-Behalf-Of (OBO) token exchange. When an agent acts, it authenticates through the same IdP as human users. Per-agent PBAC policies auto-sync when connectors are linked or unlinked. Arcade has OAuth tokens for agents but no agent-level identity layer that maps to your org's IdP.
For a startup with 10 engineers, Arcade's independent auth layer is fine. For a bank, a healthcare company, or any organization where an identity team exists, IdP integration is a requirement.
## How Does Runlayer Detect Shadow MCP Servers?
This is one of Runlayer's biggest differentiators. Arcade has no equivalent.
Arcade's observability is scoped to what runs through Arcade's own runtime. If a developer bypasses Arcade and connects Cursor directly to an MCP server from GitHub, Arcade has no visibility. It doesn't see it, can't block it, and can't log it.
Enterprise security isn't about securing the tools people should use. It's about maintaining control when people use the ones they shouldn't.
Runlayer Watch deploys through existing MDM tools (Rippling, Jamf, Intune, Kandji). No new agent to install. It scans devices for MCP server configurations across all AI clients: Cursor, Claude Desktop, Claude Code, VS Code, ChatGPT, and others. Two modes: **Detect** (discover and report shadow MCPs without blocking) and **Enforce** (block unauthorized servers, redirect to the approved catalog).
Gusto discovered 800 shadow MCP servers on day one of deploying Watch. That's 800 unvetted connections between AI clients and production systems that security had no visibility into.
Jane App took the position that zero connectors are allowed outside of Runlayer. Watch is how they enforce that policy across 800+ knowledge workers.
MCP gateways and tool-calling SDKs only govern traffic that routes through them. Watch operates at the endpoint level, so it catches everything regardless of how it was configured.
## Runlayer vs. Arcade: Catalog and Discovery
Arcade has a catalog of pre-built MCP servers and community-contributed ones. "Verified by Arcade" means Arcade reviewed the integration. It doesn't mean your security team approved it according to your org's policies.
Runlayer's Golden Path gives your organization an Okta-like catalog of pre-vetted MCP servers. Security-approved servers are available with one click. New servers go through a fast-tracked approval process. Every server in the catalog has been scanned by Guard before it's available. Permissions map to your existing identity provider.
At Gusto, the security team approves connectors via a Slack workflow, publishes them to the Runlayer catalog, and knowledge workers get instant access. This replaced decentralized, unvetted MCP downloads across 3,000+ workers. Runlayer lets your security team define what "approved" means. Arcade defines it for you.
## Runlayer vs. Arcade: Observability and Audit
Arcade provides logging and observability for tool calls that route through its runtime. That covers Arcade-managed integrations. It doesn't cover the developer who connected Claude Code to a random MCP server without going through Arcade.
Runlayer delivers visibility into every MCP connection across your organization, regardless of which client started it: which servers your team connects to, who is accessing them, what data passes through them, and whether those connections meet your policies.
For HIPAA, SOC 2, or any compliance framework that requires audit trails for data access, Runlayer provides the evidence. Gusto uses Runlayer's audit trails for HIPAA compliance across all tool calls, MCP connections, and agent actions. Jane App, also HIPAA regulated, uses Runlayer's policy engine to exclude specific Drive folders containing PHI while enabling Gmail, Calendar, and Drive for Claude.
## Beyond Governance: Skills, Plugins, and Agents
Arcade is a tool-calling SDK. It connects agents to external services. It does not offer Skills, Plugins, an agent identity layer, or a governed agent registry.
Runlayer covers the full lifecycle of agentic workflows:
**Skills** are curated markdown instruction files that non-engineers create without code. Jane App's marketing team built 15+ Skills and automated SEO workflows across Notion, Google Search Console, and Ahrefs, without writing a line of code.
**Plugins** bundle connectors and Skills into shareable, installable packages distributed across the org. GitHub sync is supported. The plugin builder lets you create plugins from natural language.
**Agent Accounts** give every agent a managed identity with OBO token exchange, authenticating through the same IdP as human users. Per-agent PBAC policies auto-sync when connectors are linked or unlinked.
**Agents Factory** builds, deploys, and schedules agents in Slack, via webhooks, or on cron. 15-minute run timeout. SQLite sandbox for persistent agent state.
**Agents Registry** provides an org-wide catalog of every deployed agent for discovery, governance, and reuse. No shadow agents.
As Gusto's Mike Wittig put it: knowledge workers across all functions are building AI-driven workflows, handing repeatable tasks that move across Salesforce, Slack, and Gmail to agents so teams can prioritize growth-focused work.
## Runlayer vs. Arcade: Deployment Flexibility
Both Runlayer and Arcade offer cloud and self-hosted deployment options.
Runlayer's self-hosted deployment includes the full governance, threat detection, and observability stack. Single-tenant VPC per customer with no co-mingling. Three subnet tiers: Public (ALB + WAF), Private (ECS Fargate + ToolGuard on EC2), Data (RDS + Redis). TLS 1.3 in transit, AES-256 via AWS KMS at rest. Zero data egress when self-hosted. Terraform provider in early access (Instacart, Opendoor).
For regulated industries where data residency and sovereignty are non-negotiable, the security posture doesn't degrade based on where you run it.
## Runlayer vs. Arcade.dev: Feature Comparison
| Capability | Runlayer | Arcade.dev |
| --- | --- | --- |
| Primary function | Enterprise AI control plane | Tool-calling SDK with OAuth |
| MCP server catalog | 18,000+ scanned servers, Golden Path approval workflow | 100+ pre-built integrations, community contributions |
| Shadow MCP detection | Shadow AI detection integrated with any MDM, no additional on-device agent required | None |
| MCP threat detection | ToolGuard: tool poisoning, rug pulls, prompt injection, semantic alignment (patented) | Credential isolation (LLM never sees raw tokens) |
| Identity integration | Okta, Entra, Google Workspace via WorkOS (SSO/SAML, OIDC, SCIM 2.0) | Per-user OAuth for third-party services |
| Agent identity | OBO token exchange, IdP-synced PBAC | OAuth tokens, no org-level IdP mapping |
| Skills and Plugins | Markdown Skills, Plugin bundles, no-code creation | Not available |
| Agent deployment | Agents Factory (Slack, webhooks, cron), Agents Registry | Not available |
| Observability scope | Every local & hosted MCP, skill, plugin across AI clients | Arcade-managed tool calls only |
| Compliance | SOC 2 Type II, GDPR, HIPAA | Not specified |
| AI client support | 300+ (Cursor, Claude Code, VS Code, ChatGPT, etc.) | Python SDK, pre-built integrations |
## When Should I Use Arcade.dev Instead of Runlayer?
Arcade is a solid choice if you're a developer or small team building a single-purpose agent that needs OAuth-based auth for third-party services. If your primary challenge is token management and credential isolation for a handful of integrations, and you don't need org-wide governance, Arcade handles that well. Its Python SDK is clean, and for prototyping agents that interact with Gmail, Slack, or GitHub, it can save real development time.
Runlayer is the better fit if you're operating at enterprise scale. If you need to know what every AI tool in your org is connected to, enforce policies across all of it, detect MCP-specific threats, produce audit trails for compliance, and give non-engineers the ability to build Skills and Agents with governed identities, Runlayer covers that scope. Gusto, Jane App, dbt Labs, Instacart, and Opendoor chose Runlayer for this reason.
The two products operate at different altitudes. Arcade solves auth for individual agent builders. Runlayer solves governance for the organization. For enterprises with compliance obligations, shadow MCP exposure, or more than a handful of engineers using AI tools, Runlayer addresses the problem that matters right now.
## Key Facts
Runlayer raised $11M from Khosla Ventures and Felicis. The founding team built Zapier's MCP server, Agents, and AI Actions, shipping MCP to millions of users alongside OpenAI and Anthropic. David Soria Parra, co-creator of MCP at Anthropic, advises Runlayer. Travis McPeak, Head of Security at Cursor, advises Runlayer. Runlayer is a founding sponsor of the Linux Foundation's Agentic AI Foundation alongside Anthropic, OpenAI, Google, AWS, and Microsoft. Runlayer signed eight unicorns and public companies in its first four months of operation.