Inside CleanStart’s mission to make software safer from the ground up
With AI-built clean images and a growing global presence, Bengaluru-based cybersecurity startup CleanStart aims to secure the software supply chain before threats ever reach production.
Every day, billions of lines of code are written, shared, and reused across the internet. Developers building new apps often rely on open-source components, snippets of code contributed by others, to save time.
But what happens when one of those components is compromised? A single line of malicious code can expose thousands of applications, bringing businesses to a halt.
That’s the problem US-based CleanStart wants to solve. The cybersecurity startup is creating what Co-founder Vijendra Katiyar calls “a safe foundation for modern software”. By offering clean container images and secure, ready-to-use code packages, it helps companies build and deploy applications without worrying about hidden vulnerabilities.
“Technology is no longer just an enabler; it is the business,” says Katiyar, who serves as CleanStart’s Chief Revenue Officer (CRO). "When an app fails, the business stalls. When a vulnerability is exposed, the brand suffers. Yet most teams still don't know where their code truly comes from."
Before starting CleanStart, Katiyar spent over two decades in the cybersecurity space, including 12 years at Trend Micro, where he led operations in India and South Korea as Managing Director and Country Manager. An engineer in electronics and telecommunications, with a Master’s degree in business from Australia, he joined hands with his co-founders, Nilesh Jain (CEO) and Biswajit De (CTO), to build a company focused on the next big challenge in software security: the software supply chain.
CleanStart, headquartered in the US, began R&D in 2023 in Bengaluru and has since expanded to Ahmedabad and Singapore. The company now has a team of around 80 people.
Solving a growing security crisis
The startup’s flagship product, CleanStart Images, addresses the growing risk of insecure code dependencies. As applications increasingly rely on open-source libraries, public container images, and other third-party components, the risk of vulnerabilities creeping in through these dependencies has surged.
"A modern app is no different from a car," Jain says, "It's made from parts sourced from many places, and people can't always be certain which ones are safe."
CleanStart’s platform provides vulnerability-free, hardened container images, ensuring that the base layer of an application is clean and compliant. The platform is available through a SaaS portal hosted on Google Cloud Platform (GCP), enabling enterprise clients to download and integrate these images into their development pipelines easily.
CleanStart SBOM (Software Bill of Materials), meanwhile, helps companies maintain visibility into every component that goes into their applications, an increasingly vital requirement in regulated industries.
Built on AI from the ground up
CleanStart describes itself as an AI-native company. Its backend is powered by agentic AI workflows and multiple large language models (LLMs) built completely in-house. These AI agents continuously analyse code, detect security gaps, and generate safe, clean images automatically.
“It’s fully made in India, built from scratch, and all the code is developed by our own team,” Katiyar says.
CleanStart operates entirely on a B2B model. Its customers include companies in financial services, insurance, and IT, with one of the Big Four consulting firms among its clients.
Today, CleanStart has more than ten active clients, and many of them are large global brands and a sales pipeline of over 125 opportunities worth about $8-10 million.
It's bootstrapped so far and follows a subscription-based SaaS model with two pricing structures. Clients can either pay per image per year or opt for an enterprise licensing agreement based on the number of images they need, typically 40 to 50 for large organisations.
Riding the cloud wave
As more organisations migrate their systems to the cloud and modernise legacy applications, CleanStart finds itself in the right place at the right time. “Every company today wants to move to microservices,” Katiyar says. “That’s a big opportunity for us.”
The startup’s team is already working on a new product, expected to launch by early 2026, that will act as a secure gateway for open-source code, validating every download to ensure safety before it’s used.
“There’s no company in the world doing this yet.”
Challenges and competing in a new market
While the problem of software supply chain security is global, few companies are tackling it at scale.
According to Katiyar, CleanStart faces no direct competition in India, Asia-Pacific, or Europe. Globally, its main competitor is Docker.
“This domain is still very new,” he says. “We have the early-mover advantage in India and APAC.”
CleanStart’s main challenges were building a skilled team from scratch, gaining trust for a new concept, and proving the value of its product. Katiyar says, “It took time to find the right people and overcome the 'fear of the unknown' since software supply chain security is still new.”
Looking ahead
With offices in India and the US and a growing presence in Southeast Asia, CleanStart aims to expand aggressively in the coming year. It already has a regional sales director in Singapore and plans to double down on its India and US markets.
Internally, the company is gearing up for scale, expanding its sales and R&D teams, and expecting up to 50x growth in revenue in the next financial year.
According to the Fortune Business Insights report, the global container security market is valued at around $2.88 billion in 2025 and is expected to grow rapidly, reaching over $11 billion by 2032 at a compound annual growth rate (CAGR) of about 21-24%. Facing no competition, CleanStart aims to capture about 70-80% of the Indian market in the next few years.