Gumloop: The AI Agent Builder for Every Employee and Where WorkingAgents Fits

What Gumloop Does

Gumloop is a no-code AI agent and automation platform headquartered in Vancouver, Canada, founded by Max Brodeur-Urbas in mid-2023. The founding principle: “Understanding a task should be the only prerequisite to automating it.” In March 2026, Gumloop raised a $50 million Series B led by Benchmark (Ev Randle), with participation from Nexus VP, First Round Capital, Y Combinator, Box Group, The Cannon Project, and Shopify Ventures.

The platform turns every employee – from the marketing intern to the CEO – into an AI agent builder. No code, no engineering support, no months-long implementation cycles.

Products and Services

Gumloop Agents Proactive AI agents that anyone in a company can build in minutes. Users describe what they want in natural language, and Gumloop’s AI assistant (“Gummie”) constructs the agent. Agents deploy natively across Slack, Microsoft Teams, and Email. Over 115 pre-made building blocks accelerate creation for common patterns.

Agents handle complex, multistep tasks autonomously – processing documents, answering customer support questions, managing workflows, extracting data from unstructured sources, and coordinating across tools. The platform supports connecting to any LLM model without requiring separate API keys or subscriptions.

Gumloop Platform A collaborative environment for building, sharing, and orchestrating agents and automations across organizations. Teams organize work in Workspaces by function – Sales, Operations, Recruiting, Engineering – with shared credit pools and centralized administration.

The platform evolved from a drag-and-drop workflow builder into a comprehensive AI automation suite. A Chrome extension lets users automate browser-based tasks without APIs, and strong document processing capabilities handle unstructured data at scale.

Gumstack – Enterprise MCP Control Plane This is the most strategically relevant product. Gumstack is a security and observability layer for AI agents across an entire organization – not just agents built on Gumloop, but also agents running in Claude Code, ChatGPT, Cursor, and any other MCP client.

Gumstack provides:

• MCP inventory – see every MCP client and server, local or remote, in one dashboard
• Identity and access management – SSO/SCIM integration with Okta, Entra ID, OneLogin. Every API call tied to a specific user, agent, or service principal with full traces
• Role-based access control (RBAC) and attribute-based access control (ABAC) – permission groups controlling which teams can use which tools, with per-tool authorization policies
• Credential management – no local plaintext keys. Enforced credential flows, rotation, revocation, integration with existing vault systems
• Monitoring and audit logging – every core platform action logged, accessible via dashboard or API. Activity tracking with latency metrics and status monitoring
• One-click MCP server deployment – connect a GitHub repo, Gumstack handles building, deploying, scaling, and hosting. Each server gets a secure URL with encrypted secrets and automatic scaling
• 120+ pre-built MCP servers – Gmail, Slack, Salesforce, Apollo, Zendesk, Stripe, Snowflake, and more

Additional enterprise features include:

• Incognito Mode – nothing stored; inputs, outputs, and intermediate steps wiped in real time
• Custom data retention – organization-configurable retention policies
• AI proxy support – route all AI activity through proprietary proxy endpoints
• Deny-listed actions – block specific operations organization-wide or per role (e.g., allow Salesforce reads but block updates)
• AI model restrictions – restrict entire AI providers or specific models to maintain compliance

Pricing Free tier available. Paid plans start at $37/month with a credit-based model. Enterprise pricing is custom.

The Customer Base

Shopify, Ramp, Gusto, Samsara, Instacart, and Opendoor use Gumloop for agent deployment. Over 8,000 customer support questions answered in private Slack channels. Hundreds of customer workshops conducted.

The Synergy Map

Gumloop and WorkingAgents operate on the same thesis – AI agents need governance – but from opposite directions. Gumloop starts with the agent builder and adds governance on top. WorkingAgents starts with governance and provides the control plane that any agent connects through. The overlap in Gumstack is where the conversation gets interesting.

1. Builder vs. Governor – Complementary, Not Competitive

Gumloop empowers non-technical employees to build AI agents in minutes. That is powerful – and dangerous. Every agent a marketing intern builds is a new endpoint that can access company data, call external APIs, send emails, and make decisions.

WorkingAgents does not build agents. It governs them after they are built:

• Gumloop builds the agent – a no-code workflow that processes customer data and sends responses
• WorkingAgents governs it – per-agent permissions ensure the agent can read CRM data but not modify billing records. Three-checkpoint guardrails validate inputs, monitor execution, and inspect outputs. Audit trails log every action with user identity and full context.

This is the same builder-governor pattern that works with Marvik and other agent platforms. Gumloop handles the “what” (agent creation). WorkingAgents handles the “how safely” (agent governance).

2. Gumstack vs. WorkingAgents MCP Gateway – Overlap and Differentiation

Gumstack is Gumloop’s MCP control plane for enterprise security and observability. WorkingAgents’ MCP Gateway is a governed tool registry with per-agent permissions and guardrails. There is real overlap here – both provide MCP governance, access control, and audit logging.

Where Gumstack focuses:

• Cross-platform observability (monitoring Claude Code, ChatGPT, Cursor agents alongside Gumloop agents)
• MCP server deployment and hosting
• Identity provider integration (Okta, Entra ID)
• Credential vault management

Where WorkingAgents focuses:

• Three-checkpoint guardrails (pre/during/post execution) with PII detection across 20+ categories
• Capability-based keycards with four-layer authentication
• Virtual MCP Servers defining hard permission boundaries per team/role/use case
• Prompt injection prevention, content safety, and topic filtering at the gateway
• One instance per customer deployment model – no shared infrastructure
• Designed for SOC 2, HIPAA, GDPR, FedRAMP compliance

The differentiation: Gumstack is an observability and deployment layer – it monitors what agents do and manages MCP server infrastructure. WorkingAgents is an enforcement layer – it actively blocks unauthorized actions, redacts PII from outputs, detects prompt injection, and stops agents from exceeding their permission boundaries in real time.

Gumstack tells you what happened. WorkingAgents prevents what should not happen.

3. Governing 120+ MCP Servers

Gumloop offers 120+ pre-built MCP servers. Each one is an attack surface. Each one connects to a system that contains sensitive data – Salesforce customer records, Stripe payment data, Snowflake data warehouses, Zendesk support tickets.

WorkingAgents’ Virtual MCP Servers provide the isolation layer:

• The Sales workspace’s agents see CRM and communication tools
• The Engineering workspace’s agents see development and deployment tools
• The Finance workspace’s agents see billing and analytics tools
• No agent crosses a boundary that was not explicitly configured

Gumloop’s deny-listed actions (blocking specific operations per role) work at the Gumloop platform level. WorkingAgents’ permission enforcement works at the protocol level – regardless of which client or platform initiated the request.

4. Non-Technical Builders Need Stronger Guardrails

This is the critical insight. When only engineers build agents, governance can be partially embedded in code – developers understand data boundaries, authentication flows, and blast radius. When every employee builds agents, governance cannot depend on the builder’s technical understanding.

A marketing intern who builds a Gumloop agent to “summarize all customer complaints from last month” may not realize the agent is accessing PII, pulling data across regional boundaries (GDPR), or exposing confidential product feedback to an external LLM.

WorkingAgents’ guardrails operate independently of the builder’s intent:

• Pre-execution – validate that the agent’s request is within its permission scope before any tool runs
• During execution – monitor for anomalous behavior, require human approval for high-risk operations
• Post-execution – redact PII, mask credentials, filter confidential data before results reach the agent or the user

The more democratized agent building becomes, the more critical automated governance becomes. Gumloop democratizes the building. WorkingAgents automates the governance.

5. Compliance Gap

Gumloop’s enterprise features include audit logging, incognito mode, custom data retention, and AI proxy support. These are strong operational controls. But the public documentation does not mention SOC 2 certification, HIPAA compliance, or FedRAMP readiness.

For regulated industries – healthcare, financial services, government, defense – compliance certifications are not optional. WorkingAgents is designed for SOC 2, HIPAA, GDPR, and FedRAMP:

• PII detection across 20+ categories
• Encryption at rest and in transit
• Immutable audit logs for regulatory examination
• One instance per customer – no multi-tenant data commingling

Gumloop’s enterprise customers (Shopify, Ramp, Instacart) are technology companies with internal compliance teams. Expanding into healthcare, finance, and government requires a governance layer that is certification-ready. WorkingAgents provides that layer.

Value Proposition

For Gumloop

WorkingAgents gives Gumloop a certification-ready governance layer that extends Gumstack’s observability into active enforcement. Instead of building SOC 2, HIPAA, and FedRAMP compliance from scratch, Gumloop can offer WorkingAgents as the governance tier for regulated industry customers. Every enterprise deal that stalls on “do you have SOC 2 and HIPAA compliance for your agent platform?” has an answer.

The specific unlock: regulated industries. Gumloop’s no-code agent builder is a perfect fit for healthcare operations teams, financial services back offices, and government agencies – if the governance layer can meet their compliance requirements. WorkingAgents provides that governance.

For WorkingAgents

Gumloop provides a high-volume agent creation pipeline. Every agent built on Gumloop is a candidate for WorkingAgents governance. Gumloop’s 120+ pre-built MCP servers create immediate integration surface. The non-technical user base – people who need governance the most because they understand it the least – is exactly where WorkingAgents’ automated guardrails provide maximum value.

Gumloop’s $50 million Series B, Benchmark backing, and enterprise customer base (Shopify, Ramp, Gusto) validate market demand for agent building. WorkingAgents plugs into that demand at the governance layer.

Together

Gumloop builds the agents. WorkingAgents governs them. Gumstack monitors the infrastructure. WorkingAgents’ MCP Gateway enforces the rules. The combined offering is a no-code AI agent platform with enterprise-grade governance, compliance, and audit infrastructure. No other no-code agent builder ships with three-checkpoint guardrails, PII detection, prompt injection prevention, and per-agent capability-based permissions. That is a differentiated position in a market where every platform claims “enterprise-ready” but few can demonstrate it to a compliance officer.

GTC Approach

Gumloop is a Y Combinator company with strong VC backing and a growing enterprise customer base. Their team may have presence at GTC 2026 (March 16-19, San Jose) given the AI infrastructure focus of the conference.

The Conversation Starter

“You have non-technical employees building AI agents that connect to Salesforce, Stripe, and Snowflake. Gumstack monitors what those agents do. But when a marketing intern’s agent accidentally pulls customer PII across a GDPR boundary, who stops it before it happens – not after?”

This positions the conversation at the gap between observability (Gumstack’s strength) and enforcement (WorkingAgents’ strength).

Key Talking Points

1. “We are the enforcement layer that complements your observability layer.” Gumstack monitors. WorkingAgents prevents. Both are needed. This is not competitive – it is complementary infrastructure.

2. “The more you democratize agent building, the more you need automated governance.” Gumloop’s value proposition is that anyone can build agents. The governance implication is that anyone can build agents that access sensitive data. WorkingAgents automates the safety net.

3. “Three-checkpoint guardrails on every tool call – pre-execution, during execution, post-execution.” Gumloop’s deny-listed actions are static policies. WorkingAgents’ guardrails are dynamic – they inspect actual data in real time, detect PII, block prompt injection, and require human approval for high-risk operations.

4. “We are designed for SOC 2, HIPAA, GDPR, and FedRAMP. Your regulated industry prospects need this.” Gumloop’s current customers are tech companies. The next wave of customers – healthcare systems, banks, government agencies – will require compliance certifications. WorkingAgents provides the governance layer that makes those deals possible.

5. “One MCP Gateway. Per-agent permissions. Full audit trail. Your 120 MCP servers governed at the protocol level.” Technical and specific. Shows understanding of Gumloop’s architecture.

What to Ask Them

• How are enterprise customers handling compliance requirements (SOC 2, HIPAA) for agents built on Gumloop today?
• Is Gumstack’s governance model primarily observability (logging after the fact) or does it include real-time enforcement (blocking unauthorized actions)?
• What is the governance model when non-technical users build agents that access regulated data?
• Are they seeing demand from healthcare, financial services, or government prospects?
• How do they handle per-agent permission boundaries when agents span multiple MCP servers?

What to Offer

A proof of concept: take a Gumloop agent workflow that accesses sensitive data (e.g., a customer support agent reading CRM records and responding via email) and route it through WorkingAgents’ MCP Gateway. Demonstrate per-agent permissions (the agent can read support tickets but not billing records), three-checkpoint guardrails (PII detection on outputs, prompt injection prevention on inputs), and a structured audit trail that a compliance officer can review. Show that governance adds milliseconds, not minutes – and that the non-technical builder never has to think about it.

Sources:

• Gumloop lands $50M from Benchmark – TechCrunch
• Announcing Gumloop’s $50M Series B
• Gumloop for Enterprise
• Gumstack – Enterprise MCP Control Plane
• Gumstack: Enterprise MCP Deep Dive – Gumloop University
• Gumloop – Y Combinator
• Gumloop AI Automation Framework
• Gumloop Review – AI Infrastructure & MLOps
• Lindy vs Gumloop Comparison 2026