CleanStart launches Clean Libraries to secure AI code
Thu, 16th Jul 2026 (Today)
CleanStart has launched Clean Libraries, a product for developers and AI coding assistants that use open-source software components.
The offering is designed to help organisations choose verified open-source libraries before those dependencies are added to applications. It aims to reduce software supply chain risk earlier in the development process, rather than relying on checks after software has already been built.
Open-source libraries are central to modern software development, and each dependency choice can introduce security, licensing and provenance concerns. That challenge has become more acute as AI coding tools increase the speed at which software components are selected and incorporated into codebases.
Clean Libraries identifies unsafe or unverified libraries and offers verified alternatives. Those alternatives are either built from source or backed by verifiable attestations, and are continuously analysed and maintained with security patches for known vulnerabilities.
The product sits alongside Clean Images and CleanSight in CleanStart's software supply chain portfolio. The company describes that broader approach as Software Supply Chain Posture Management, or SSCPM, focused on establishing trust across software that organisations build, acquire and deploy.
Shift left
CleanStart said the new product reflects its "Integrate Left" approach, which places verified software artefacts earlier in the development process. The goal is to govern dependency selection within existing developer workflows and tools without adding approval steps or manual reviews.
This addresses a longstanding issue in software security: many tools identify vulnerabilities only after code has been assembled and dependencies are already embedded in applications. By moving scrutiny to the point of selection, suppliers in this market aim to reduce the cost and complexity of later remediation.
"Software supply chain security has traditionally focused on identifying risk after software has already been built," said Nilesh Jain, Chief Executive Officer and Co-Founder of CleanStart.
"That approach is becoming increasingly difficult in the AI era, where software is created faster than ever before. Organisations need to start with verified software artifacts rather than spend months discovering and remediating unverified software components after they've entered the development lifecycle. Clean Libraries bring that shift to open-source dependencies," Jain said.
AI pressure
The launch also reflects the growing role of AI coding assistants in software development. As those tools suggest packages and generate code at speed, companies are under more pressure to understand the origin, integrity and maintenance status of the external components entering their applications.
Organisations often lack visibility into the vulnerabilities, provenance, licensing and software bill of materials linked to those dependencies. In that context, CleanStart is positioning verified components as a way to place controls around software choices made by both human developers and automated tools.
Biswajit De, Co-Founder of CleanStart, said AI has changed the pace of dependency selection.
"AI has fundamentally changed how software is built by accelerating the rate at which developers and AI coding assistants select open-source dependencies," said Biswajit De, Chief Technology Officer and Co-Founder of CleanStart.
"Every dependency introduced into an application becomes part of the software supply chain, yet organizations often have little visibility into its vulnerabilities, provenance, licensing, or integrity. Clean Libraries help organizations start with verified software components, ensuring the software they build is founded on artifacts that can be trusted because they can be verified," De said.
CleanStart said its three products now cover discovery of software assets, replacement of unsafe software artefacts with verified alternatives, and ongoing verification of software integrity across development and production. The company was founded by Nilesh Jain, Vijendra Katiyar and Biswajit De, each of whom it said has more than two decades of cybersecurity leadership experience.