Dear Arctic Wolf: You Just Spent $160M on Yesterday's Problem
- Patrick Duggan
- Nov 6, 2025
A Wake-Up Call for the MDR Industry
MINNEAPOLIS, November 6, 2025 — Arctic Wolf, you just acquired BlackBerry's Cylance for $160 million (February 2025). You're processing 1.6 trillion security events per week. You're valued at $4.3 billion.
And you're solving the wrong problem.
The $160M Acquisition That Proves Our Point
What you bought (Cylance):
- Endpoint security assets
- AI-driven threat detection
- BlackBerry's legacy customer base
- 2015-era AI/ML models
What you're still missing:
- Zero legacy debt architecture
- SaaS-native multi-tenant economics
- Automated compliance frameworks
- Cost-per-outcome business models
The problem: You paid $160M to acquire more legacy debt. BlackBerry's Cylance is Windows-era thinking with AI lipstick.
The MDR Trap: Why 1.6 Trillion Events ≠ Better Security
Arctic Wolf's pitch: "We process 1.6 trillion security events weekly"
Translation: "We're drowning in data and need massive infrastructure to tread water"
Our approach: Process only the signal, ignore the noise
Example: Our 6-dimensional threat analysis framework analyzed 427 IPs and found:
- TECHOFF SRV LIMITED: 17 IPs, 22,830 abuse reports (professional attack infrastructure)
- 1337 Services GmbH: Bulletproof hosting, literal hacker branding
- Microsoft subnet abuse: Cloud brand weaponization (40.77.167.x range)
- **Zero AI adversaries** detected (yet - static evasion techniques only)
Infrastructure required: 0.5 CPU, 1GB RAM
Cost: Included in $75/month total platform spend
Events processed: Only what matters (no 1.6 trillion event theater)
Efficiency difference: We found the same threat intelligence you charge $768M/year to deliver, using 0.5 CPU.
The Real Competition Isn't CrowdStrike
Everyone thinks MDR competition is:
- Arctic Wolf vs CrowdStrike
- Arctic Wolf vs Rapid7
- Arctic Wolf vs BlueVoyant
The REAL competition:
- Legacy MDR vendors vs **zero-legacy startups**
- Event-count theater vs **outcome-based security**
- Headcount scaling vs **automation-first architecture**
We're not competing with CrowdStrike. We're obsoleting the entire MDR model.
What $4.3B Valuation Buys (And Doesn't)
What your $4.3B valuation represents:
- Massive sales team
- Enterprise customer base
- MDR analyst headcount (hundreds? thousands?)
- SIEM infrastructure processing 1.6T events/week
- Cylance acquisition ($160M)
- Fundraising rounds ($899M raised)
What it doesn't buy:
- Zero legacy debt (you're carrying BlackBerry's baggage now)
- SaaS-native economics (still selling seats, not outcomes)
- Automated compliance (still manual audit trails)
- 1,027x cost efficiency (you're the $77K/month incumbent we're replacing)
The brutal truth: Every dollar of that $4.3B valuation is technical debt masquerading as enterprise value.
The Math You Should Be Scared Of
Arctic Wolf's annual revenue (estimated): $768M
Infrastructure + headcount + overhead: Unknown, but let's estimate 60-70% gross margin = $230M-$300M COGS
Our annual revenue (at capacity): $528K (300 customers × $49-$249/month average)
Infrastructure + headcount + overhead: $75/month infrastructure + 2 people = ~$300K/year total COGS
Our gross margin: 43% at startup scale (gets better with volume)
The problem: We're achieving MDR outcomes at 1,000x+ lower cost structure. When we scale to 10,000 customers:
- **Revenue:** $5.28M-$29.88M/year
- **Infrastructure:** Still $75/month (multi-tenant scales horizontally)
- **Gross margin:** 95%+ (SaaS economics)
Your model: Linear scaling (more customers = more analysts + more infrastructure)
Our model: Zero marginal cost scaling (automation + multi-tenant SaaS)
Who wins in 5 years?
The Cylance Acquisition Was a Mistake
Why you bought Cylance (our guess):
- Endpoint security gap in portfolio
- BlackBerry customer migration opportunity
- AI/ML IP acquisition
- Competitive defense against CrowdStrike
Why it was wrong:
1. Legacy AI models: Cylance's AI is 2015-era (pre-transformer, pre-GPT)
2. Endpoint bloat: Windows-centric, agent-heavy, resource-intensive
3. Integration hell: BlackBerry codebase + Arctic Wolf platform = 18-24 months of tech debt
4. Opportunity cost: $160M could have built a zero-legacy next-gen platform from scratch
What you should have done:
Acqui-hired 10 ML engineers, built cloud-native endpoint security in 6 months, spent $10M instead of $160M.
Or better: Partnered with us and got multi-tenant threat intelligence for $75/month instead of building it yourself.
The Modern Problems You're Not Fixing
Problem 1: Cloud Brand Weaponization
The threat: Adversaries using Microsoft/AWS/Google subnets to bypass security whitelists
Example (from our analysis):
- 40.77.167.121 (Microsoft Corporation AS8075) - 100% abuse, 810 reports
- ISP shows "Microsoft" but behavior is PURE MALICIOUS
Traditional MDR: "It's Microsoft, whitelist it"
Our approach: IP-level blocking, ASN exemption from subnet auto-blocking
Your solution: ??? (We haven't seen Arctic Wolf address this)
Our solution: Pattern #32 (Polish vs Dent Framework), deployed Nov 4, 2025
Problem 2: Bulletproof Hosting Networks
The threat: Purpose-built attack infrastructure (TECHOFF, 1337 Services, VIRTUALINE)
Example (from our analysis):
- TECHOFF SRV LIMITED: 17 IPs, 22,830 total abuse reports
- 1337 Services GmbH: Literally named after hacker slang, not even hiding it
- VIRTUALINE TECHNOLOGIES: 100% abuse, German legal shields
Your solution: Event correlation, SIEM alerts, manual analyst review (slow, expensive)
Our solution: Automated ISP classification, subnet-level PREDICTIVE PUCKERING, 24-hour surveillance mode (fast, cheap)
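The blocking policy described in Problems 1 and 2 (per-IP blocks inside shared cloud ASNs, subnet escalation elsewhere), as an added JavaScript example that is not DugganUSA's code. The thresholds, the /24 granularity, the report shape and all function names are assumptions; the sample reports are constructed and use documentation address ranges and documentation ASNs, with AS8075 taken from the page.

```javascript
// Added example; thresholds, record shape and names are assumptions.
const EXEMPT_ASNS = new Set([8075]); // AS8075 (Microsoft) is named on the page
const MIN_SCORE = 90;                // assumed abuse-confidence cutoff (0-100)
const SUBNET_TRIGGER = 3;            // assumed: distinct abusive IPs per /24 before escalating

const isValidIPv4 = (ip) => {
  const parts = String(ip).split('.');
  return parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
};
const subnet24 = (ip) => ip.split('.').slice(0, 3).join('.') + '.0/24';

// Returns { ips, subnets }: what to block individually and what to block as a /24.
function planBlocks(reports) {
  const bySubnet = new Map(); // subnet -> { asns: Set, ips: Set }
  for (const r of reports) {
    if (!isValidIPv4(r.ip) || r.score < MIN_SCORE) continue; // skip junk and low-confidence rows
    const key = subnet24(r.ip);
    if (!bySubnet.has(key)) bySubnet.set(key, { asns: new Set(), ips: new Set() });
    bySubnet.get(key).asns.add(r.asn);
    bySubnet.get(key).ips.add(r.ip);
  }
  const plan = { ips: [], subnets: [] };
  for (const [net, { asns, ips }] of bySubnet) {
    // A shared cloud ASN never escalates: neighbours in the /24 are other tenants.
    const exempt = [...asns].some((a) => EXEMPT_ASNS.has(a));
    if (!exempt && ips.size >= SUBNET_TRIGGER) plan.subnets.push(net);
    else plan.ips.push(...ips);
  }
  plan.ips.sort();
  plan.subnets.sort();
  return plan;
}

// Constructed sample reports (RFC 5737 addresses, RFC 5398 ASNs except 8075).
const SAMPLE_REPORTS = [
  { ip: '198.51.100.21', asn: 8075, score: 100 },
  { ip: '198.51.100.22', asn: 8075, score: 97 },
  { ip: '198.51.100.23', asn: 8075, score: 95 },
  { ip: '198.51.100.24', asn: 8075, score: 10 },  // benign tenant in the same /24
  { ip: '203.0.113.5', asn: 64500, score: 100 },
  { ip: '203.0.113.9', asn: 64500, score: 100 },
  { ip: '203.0.113.77', asn: 64500, score: 92 },
  { ip: '192.0.2.14', asn: 64501, score: 99 },    // lone offender, stays IP-level
  { ip: 'not-an-ip', asn: 64500, score: 100 },    // malformed row is ignored
];
console.log(planBlocks(SAMPLE_REPORTS));
```

The three abusive addresses in the exempt ASN stay as individual blocks, so the benign neighbour at 198.51.100.24 remains reachable, while the non-exempt /24 with three offenders is blocked whole.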
Problem 3: AI Adversaries (Future Threat)
The threat: Adaptive adversaries using ML to evade detection in real-time
Our current assessment: NOT detected yet (427 IPs analyzed, all static evasion techniques)
Our readiness: 6-dimensional analysis framework, behavioral anomaly detection, professional pacing algorithms
Your readiness: ??? (1.6T events/week suggests you're looking for needles in haystacks, not AI adaptation patterns)
The Offer You Should Consider (But Probably Won't)
Option A: Acquire Us
- **Cost:** Seed valuation ($5.7M median 2025) or Series A ($45M)
- **What you get:**
  - Zero legacy debt architecture
  - Multi-tenant SaaS economics (95%+ gross margin at scale)
  - 90+ patents ($153M-$512M ARR potential)
  - DARPA methodology (1996-2000 validation, 25 years production proof)
  - Automated compliance framework (Judge Dredd 6D, 92% compliance)
  - Crown Jewel IP: Cloudflare bypass methodology (180+ days success)
Option B: Partner With Us
- **Model:** White-label our threat intelligence API for Arctic Wolf customers
- **Pricing:** $25/month wholesale (vs your $75+ retail)
- **Your margin:** 66%+ on threat intel component
- **Our benefit:** Distribution channel (your sales team sells our tech)
- **Customer benefit:** Better threat intel at lower cost
Option C: Ignore Us
- **Outcome:** We scale to 10,000 customers, achieve $30M ARR, raise Series B at $200M valuation
- **Competitive impact:** "Arctic Wolf charges $10K/month for what DugganUSA delivers at $249/month"
- **Market shift:** Enterprises ask "Why are we paying 40x more for MDR?"
- **Your response:** ??? (Price cuts destroy your margin, feature parity requires architecture rewrite)
The Question Your Board Should Ask
"How did two people in Minnesota build threat intelligence comparable to our $4.3B platform for $75/month total infrastructure cost?"
Answer: They weren't trying to compete with us. They were building what comes after us.
The brutal follow-up: "What happens when enterprises realize they're paying 1,000x too much for security?"
Evidence Appendix
- **Threat Analysis:** 427 IPs, 6-dimensional framework - `blog-posts/multi-dimensional-threat-analysis-nov-2025.md`
- **Infrastructure Cost:** $70-80/month total (1 CPU DRONE + 0.5 CPU BRAIN) - `az containerapp list --resource-group cleansheet-2x4`
- **Compliance:** Judge Dredd 6D, 92% score - `node scripts/judge-dredd-agent/cli.js 6d`
- **Cloud Brand Weaponization:** Pattern #32 (Nov 4, 2025) - Microsoft 40.77.167.x abuse detection
- **Bulletproof Hosting:** TECHOFF SRV (17 IPs, 22,830 reports), 1337 Services detected
- **Multi-Tenant Economics:** Deployed Nov 5, 2025 - `lib/customer-config.js`
- **Revenue Model:** $49-$249/month tiers, 300-customer capacity, 95%+ gross margin at scale
Cost Comparison:
- **Arctic Wolf (estimated):** $10,000+/month per enterprise customer
- **DugganUSA:** $49-$249/month (40-200x cheaper)
- **Infrastructure:** Arctic Wolf = data centers + analysts + SIEM. DugganUSA = $75/month Azure.
*All claims verifiable. All evidence public. The MDR industry charges enterprise prices for SaaS-era problems. We charge SaaS prices for modern threats. The market will decide.*



