A new SecurityWeek podcast episode features Clint Bodungen, Director of AI/ML Engineering at Arcovo and founder of ThreatGen, discussing the state of industrial cybersecurity governance and previewing an open-source agentic AI project he says is designed to solve a core limitation in current AI assistants: lack of persistent memory and identity.
In conversation with SecurityWeek’s Brian Schleifer, Bodungen argues that traditional security governance frameworks frequently fail practitioners on the ground, even as the underlying threat landscape has shifted dramatically over the past two decades. He maintains that despite advances in tooling and automation, people, not technology, remain the primary source of organizational risk.
The MindStone Agent
For the first time publicly, Bodungen detailed the origin and design goals of MindStone Agent, an open-source agentic AI project intended to give AI assistants continuity across sessions rather than treating each interaction as stateless. The project focuses on persistent memory and identity, capabilities Bodungen positions as necessary for AI systems to function as reliable, long-term collaborators in operational security contexts rather than one-off query tools.
Autonomous Agents in a Real Ransomware Response
The interview closes with a case study describing a real-world ransomware incident in which autonomous AI agents coordinated multiple stages of the response, including incident response triage, forensic analysis, recovery efforts, and infrastructure migration, with minimal direct human intervention. The example is presented as evidence that agentic AI has moved beyond conceptual demonstrations into operational use during active incidents.
The discussion is relevant to security leaders evaluating where agentic AI fits into incident response workflows, particularly in industrial and OT environments where legacy systems and human factors continue to dominate risk profiles. As organizations weigh adopting autonomous or semi-autonomous AI tooling for incident response, questions around memory persistence, identity management, and governance frameworks for these agents are likely to become more pressing.
The full conversation is available via SecurityWeek’s podcast platform.
