How Gusto Ignited an AI-Driven Workflow Revolution Across 3,000+ Knowledge Workers With Runlayer

When Mike Wittig joined Gusto as CISO and CIO in 2025, he inherited a team that was highly AI-forward, leveraging everything from answer engines to role-specific agents to streamline day-to-day work. “I found myself in this place of great experimentation,” he shares. “Not just engineering, but roles across the company were dabbling with different AI tools.” However, while Mike knew AI adoption would act as a significant force multiplier at Gusto, it didn’t take long for him to discover that this experimental environment was a double-edged sword.

At the time, multiple teams across functions were engaging with MCPs outside of the security team’s visibility. As knowledge workers individually downloaded MCPs from public repositories and self-configured them for AI clients such as Cursor, ChatGPT, and Claude, Mike had no way to centrally vet each addition, log activity, or block prompt-injection risks. Given that Gusto is a registered health insurance broker, the risk of data leakage triggering HIPAA non-compliance was also significant. “AI is incredibly powerful stuff, but it’s also quite dangerous,” Mike shares.

“We needed a way to see what tools were accessing Gusto’s data, where this information was flowing, and if it was safe.”

The impact of unvetted MCP usage expanded beyond security risks and compliance into operational friction. Decentralized experimentation shifted the burden of MCP setup and maintenance onto individual teams, adding configuration and version control to their list of responsibilities.

This not only siphoned bandwidth from other core initiatives but also increased the risk of inadvertently stalling AI adoption across the company. “We wanted to protect our security and data privacy, but also protect our teams,” Mike explains. “If you think you’re doing the right thing and then cause a security incident or suddenly see data you shouldn’t see, that is a huge momentum killer.”

Rather than burdening his team with building an internal MCP security solution (a time-consuming and resource-heavy effort), Mike sought an enterprise AI platform that would centralize and securely connect all tools, agents, and MCPs across Gusto—without introducing technical overhead.

That search ultimately led him to Runlayer.

Gusto chose Runlayer to unlock centralized visibility and access control across every tool, agent, and MCP—enabling teams to accelerate AI adoption without compromising security.

Immediate Time-to-Value

To ensure immediate time-to-value, Runlayer’s engineers worked directly with Gusto’s teams to establish both platform familiarity and foundational MCP servers across Gmail, Slack, Snowflake, and Confluence. As more teams became acclimated to the platform, it didn’t take long for that coverage to expand across role-specific tools such as Workday, NetSuite, and GitHub.

That level of collaboration didn’t end following Gusto’s onboarding. To drive AI fluency across the company, Runlayer established weekly training sessions where teams learned the fundamentals of MCP configuration—an effort that continues to slash technical overhead. “Runlayer taught us how to fish, in a way,” Mike shares. “Now we have far more people who know how to build MCPs, enable AI functionality, and drive better outcomes from their SaaS applications.”

Centralized MCP Lifecycle and Governance

With Runlayer, Mike not only established a unified registry of MCP servers, skills, plugins, and agents, but he also introduced a fundamentally new workflow for each connector deployment. Rather than downloading MCPs from unvetted repositories, knowledge workers now submit requests via Slack whenever they require a new connector. Once the security team has approved and configured the connector to disable potentially destructive actions, it’s published in Gusto’s Runlayer catalog, where any knowledge worker can access it.

And because Runlayer records raw request/response data for all tool calls, MCP connections, and agent actions, Mike and his team now have complete audit trails for HIPAA compliance and incident response at their fingertips. “Runlayer helped us maintain our culture of experimentation, but with the necessary guardrails,” Mike shares. “Now, AI adoption has moved from an AIT team effort to a company-wide initiative.”

Governance That Enables Every Team

But for Mike, the greatest value-add was enabling thousands of knowledge workers at Gusto to shift to conversational, AI-driven workflows. Now, traditionally manual tasks such as pulling data from Salesforce, drafting Slack updates, or generating response emails all happen in one conversation. No more context switching across SaaS applications or Chrome tabs. “Runlayer enables us to conversationally interact with every single SaaS platform that represents all the work that we do in one place,” Mike shares. “That level of efficiency is what will enable us to double or triple the size of our business without doubling or tripling our number of knowledge workers.”

With Runlayer, Gusto capitalized on a culture of AI experimentation, leveraging security as an accelerator rather than a roadblock. As Gusto leans more heavily into AI as a core force multiplier across all functions, Runlayer’s continuous governance and observability will remain the “heart of this strategy.”