Press & Media

Press kit for Rune.

Everything you need to cover Rune accurately. If you're writing a piece and want quotes, data cuts, or an exclusive angle, email press@runesec.dev — you'll reach the founder, not a PR firm.

Boilerplate

A paragraph to copy-paste.

Rune is an independent runtime Agent Detection and Response (ADR) platform for AI agents. Built by Declan Paul in the UK, Rune scans agent inputs, outputs, and tool calls at the I/O boundary — detecting prompt injection, data exfiltration, and policy violations before they cause damage. Integrates with LangChain, OpenAI, Anthropic, CrewAI, and MCP in three lines of Python. Free tier: 10,000 events/month, no credit card.

Key facts

The fact sheet.

Company: Rune
Website: runesec.dev
Founded: 2026
Headquarters: United Kingdom
Founder: Declan Paul
Category: Agent Detection & Response (ADR)
Pricing: Free tier: 10,000 events/mo. Self-serve paid plans.
Distribution: pip install runesec (Python SDK). MCP server. Convex-backed dashboard.

Citeable data

What we're seeing in production.

All figures are from Rune's production-like scan of 1,000 AI agent sessions across open-source demos, public agent repositories, and synthetic workloads. Full methodology: /blog/agent-security-report. Figures are comparable but distinct from Palo Alto Networks Unit 42's published numbers, which cover general LLM traffic rather than tool-using agents specifically.

14.2%

of AI agent sessions in our production scan contained a prompt-injection attempt. (Methodology: 1,000 sessions across open-source demos, public repos, and production-like synthetic workloads. See /blog/agent-security-report.)

9.1%

of scanned sessions showed data-exfiltration risk through legitimate-looking tool calls.

73%

of agents observed had overly-permissive tool access — principle-of-least-privilege failures.

4.6%

of sessions showed multi-step attack patterns — the kind single-turn LLM scanners don't catch.

Background

The context journalists tend to need.

The consolidation story (2025–26): Lakera Guard was acquired by Check Point in September 2025. Protect AI (Guardian) was acquired by Palo Alto Networks in July 2025. Promptfoo was acquired by OpenAI in March 2026. Rune is one of the few remaining independent developer-first platforms in the AI agent security category.
ADR vs AI-SPM: AI Security Posture Management (AI-SPM) tools inventory agents and assign risk scores — posture, not protection. Agent Detection & Response (ADR) operates at the I/O boundary at runtime: inputs are scanned before reaching the LLM, outputs before reaching the user, and tool calls before execution. Rune is an ADR platform.
Why independence matters for developers: Enterprise security suites have incentives that diverge from developer-first usability. When every competitor gets acquired into a large platform, the developer self-serve tier tends to disappear, pricing moves to enterprise, and fast-feedback iteration slows down. Rune's thesis is that the developer-tool market wants to stay developer-first.

Story angles we're open to

If you're shopping an angle.

Original-research / state-of-the-niche: "What we saw scanning 1,000 agent sessions" (data-piece format with methodology)
Category-narrative: "The last independent AI agent-security platform is a solo-founder bet" (arc / consolidation story)
Market-analysis: "Post-Lakera, Protect AI, and Promptfoo acquisitions, where does the AI-agent-security market go?"
Incident-commentary: when a public agent incident drops (e.g., new MCP exploit, agent-mediated exfiltration), Rune can provide technical analysis + quotes
UK-angle: solo UK founder building a category-defining security product

Founder

Declan Paul, Founder.

Declan is the founder of Rune, building an independent runtime security platform for AI agents from the UK. He started Rune after watching team after team wire tool access and database credentials into agents with nothing between the LLM and production.

Available for technical quotes on agent security, prompt injection, indirect injection via RAG pipelines, MCP supply-chain attacks, and the category landscape post-acquisition wave. Reach him at hello@runesec.dev or press@runesec.dev.

Assets

Brand, logos, screenshots.

Rune OG image (1200×630 PNG)AI Agent Security pillar guide Agent security report (methodology + stats)OWASP Top 10 for Agentic AI (2026) breakdown

Need a specific asset — vector logo, product screenshots, high-res headshot, dashboard still? Email press@runesec.dev and we'll send what you need.

Direct contact

Press inquiries reach the founder.

press@runesec.dev hello@runesec.dev (general)