
Doppel Sent an AI Takedown Bot. Medtronic Skipped Item 1.05. Microsoft Already Published the Chain. A Disclosure Teaching Moment.

  • Writer: Patrick Duggan

May 6, 2026 · DugganUSA LLC


At 05:16 UTC this morning, Doppel — an AI-powered "brand protection" company — sent us a trademark takedown demand under penalty of perjury. They CC'd Medtronic's enforcement team. The post they want deleted is titled "Microsoft Just Published the Vish Chain We Warned Medtronic About," and it went up three days ago.


Three companies are mentioned in that title. All three operate under different disclosure obligations. This post is about the gap between those obligations, and what happens when AI-driven legal-threat automation is pointed at the only public counterweight to it.


This is not a roast. This is the reference.



The Email, In Full


From: [email protected]
To: [email protected]
CC: [email protected]
Subject: Takedown Request - hxxp[://]dugganusa[.]com/post/microsoft-just-published-the-vish-chain-we-warned-medtronic-about


Body, verbatim:


Name: Doppel SOC Team
Infringing Site: dugganusa[.]com/post/microsoft-just-published-the-vish-chain-we-warned-medtronic-about
Other related infringing sites: (blank)


The infringing site is using trademark MEDTRONIC without authorization. This unauthorized use of their trademark may cause customer confusion / harm.


We kindly request the immediate removal of the infringing site and ensure the user refrains from infringing the mark in the future.


Authority to Act: We, Doppel, confirm that the information in this notice is accurate and assert, under penalty of perjury, that we are authorized to act on behalf of Medtronic PLC as their authorized agent.


Signed, Doppel Security Operations Center.



The Disclosure Triangle


Three parties. Three disclosure regimes. Receipts for each.



Party One: DugganUSA — Coordinated Vulnerability Disclosure


The applicable framework is industry-standard Coordinated Vulnerability Disclosure (CVD), described in ISO/IEC 29147 and operationalized by Google Project Zero (90-day window), CERT/CC, and CISA.


What we did:


March 19, 2026, 16:42 UTC. We sent a vishing-chain warning to [email protected]. We received an autoresponder from [email protected] confirming delivery. The warning described, step by step, the cross-tenant helpdesk impersonation chain that would later be used against multiple named victims. We hold the timestamps and the autoresponder.


April 19, 2026. After a 31-day quiet window with no substantive vendor response, we published the chain on the public blog. April 22, Medtronic confirmed the breach. April 24, Inditex, Kemper, and Amtrek were hit using the same playbook.


May 3, 2026. Microsoft Security published "Cross-tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook." It is, line by line, the chain we sent Medtronic on March 19. We wrote a follow-up titled "Microsoft Just Published the Vish Chain We Warned Medtronic About." That is the post Doppel wants deleted.


Compliance assessment: clean. 31-day private window plus vendor no-show is well past industry norms. We engaged in good faith, gave the vendor first crack, published only after no substantive response, and credited the receipt chain on every subsequent post.



Party Two: Doppel — Trademark Notice Procedure


The applicable framework is the Lanham Act (15 USC 1051 et seq.) and platform Terms of Service. Critically, there is no federal "notice and takedown" statute for trademark infringement. The DMCA's 17 USC 512 framework — including the "penalty of perjury" attestation — covers copyright only.


Doppel's notice imports the DMCA's perjury language into a trademark notice. This is not a recognized statutory ritual. It is theatrics, and the theatrics carry tail risk:


If a court determined the perjury attestation was knowingly false in any material respect, exposure includes (a) Lanham Act bad-faith fee-shifting under 15 USC 1117(a), (b) tortious interference and abuse-of-process claims under state law, and (c) potential 18 USC 1001 false-statements analysis where there is a federal nexus. We are not asserting any of these claims. We are noting that the perjury language is a load-bearing element of the notice and Doppel chose to put it in writing.


Substantively, the notice fails on the merits. Nominative fair use is the doctrine controlling whether you can name a trademarked entity in editorial or critical reporting. The Ninth Circuit's three-prong test in New Kids on the Block v. News America Publishing, 971 F.2d 302 (9th Cir. 1992) asks whether (1) the use is necessary to identify the mark holder, (2) the use is limited to what is necessary, and (3) there is no suggestion of endorsement. Naming Medtronic in a post about a vishing chain Microsoft published as Medtronic's actual breach playbook satisfies all three on its face. The doctrine has been reaffirmed across circuits for thirty-three years.


Compliance assessment: notice is procedurally novel and substantively meritless. The perjury attestation is a manufactured ritual rather than a statutory requirement. The trademark theory fails the controlling fair-use doctrine.



Party Three: Medtronic — SEC Item 1.05 Cybersecurity Disclosure


The applicable framework is SEC Reg S-K Item 1.05, effective December 18, 2023, requiring public registrants to disclose material cybersecurity incidents on Form 8-K within four business days of determining the incident is material. The rule was the SEC's response to a decade of underdisclosure of cyber events by public companies.


Medtronic plc (NYSE: MDT) filed a single 8-K following the breach: accession number 0001628280-26-027272, filed April 27, 2026, reporting an "earliest event" date of April 24, 2026. We pulled the filing from EDGAR.


The 8-K was filed under Item 7.01 (Regulation FD Disclosure) and Item 9.01 (Exhibits). It was not filed under Item 1.05 (Material Cybersecurity Incidents).


The substantive language includes the operative passage: "the Company does not currently expect the incident to have a material impact on its business or financial results." Item 7.01 disclosures are explicitly "furnished" rather than "filed" — meaning they do not carry Section 18 liability under the Exchange Act. The filing makes that distinction in writing.


Cross-checking the full SEC filing record for Medtronic in 2026: zero 8-K filings in 2026 to date have included Item 1.05. We pulled the entire filings index from data.sec.gov/submissions/CIK0001613103.json this morning. The grep returned no hits.
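The same cross-check can be scripted against the EDGAR submissions index. The following is an added example, not the author's script: it assumes the public data.sec.gov/submissions/CIK##########.json layout, where "filings.recent" holds parallel arrays with one entry per filing and the "items" string lists 8-K items as "7.01,9.01". The embedded sample index is constructed; its first row uses the accession number and dates quoted in the post, and the two other rows (including the one citing Item 1.05) are hypothetical placeholders that exist only to show a positive match.

```python
"""Check an SEC EDGAR submissions index for 8-K filings that cite Item 1.05.

Added example, not part of the original post. Assumes the data.sec.gov
submissions JSON layout (filings.recent = parallel arrays, one entry per
filing; "items" is a comma-separated string of 8-K item numbers).
"""
import json
import urllib.request
from dataclasses import dataclass

# Constructed sample in the shape of data.sec.gov/submissions/CIK0001613103.json.
# Only the fields this script reads are present. Rows 2 and 3 are hypothetical
# placeholders; the 2025 row is there only to show what a positive match looks like.
SAMPLE_SUBMISSIONS_JSON = json.dumps({
    "cik": "1613103",
    "name": "Medtronic plc",
    "filings": {
        "recent": {
            "accessionNumber": [
                "0001628280-26-027272",   # from the post: filed 2026-04-27 under 7.01/9.01
                "0000000000-26-000002",   # hypothetical placeholder
                "0000000000-25-000003",   # hypothetical placeholder
            ],
            "filingDate": ["2026-04-27", "2026-02-18", "2025-12-05"],
            "reportDate": ["2026-04-24", "2026-02-17", "2025-12-03"],
            "form": ["8-K", "8-K", "8-K"],
            "items": ["7.01,9.01", "2.02,9.01", "1.05,9.01"],
        }
    },
})

SUBMISSIONS_URL = "https://data.sec.gov/submissions/CIK{cik:010d}.json"


@dataclass(frozen=True)
class Filing:
    accession: str
    form: str
    filing_date: str
    report_date: str
    items: tuple  # e.g. ("7.01", "9.01"); empty for forms without items


def fetch_submissions(cik: int, user_agent: str) -> str:
    """Download the live index. EDGAR rejects requests without a descriptive
    User-Agent, so the caller must supply one (e.g. "Org Name contact@example")."""
    req = urllib.request.Request(SUBMISSIONS_URL.format(cik=cik),
                                 headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def parse_recent_filings(raw_json: str) -> list:
    """Zip EDGAR's parallel arrays into one Filing per row.
    Older filings live in separate files listed under filings.files; a full
    history check would parse those too."""
    recent = json.loads(raw_json)["filings"]["recent"]
    rows = zip(recent["accessionNumber"], recent["form"], recent["filingDate"],
               recent["reportDate"], recent["items"])
    return [
        Filing(acc, form, fdate, rdate,
               tuple(i.strip() for i in items.split(",") if i.strip()))
        for acc, form, fdate, rdate, items in rows
    ]


def item_105_check(raw_json: str, year: int) -> dict:
    """Count the registrant's 8-Ks filed in `year` and list those citing Item 1.05.
    Items are compared as whole tokens after splitting on commas, so the check
    is stricter than a loose substring grep for "1.05"."""
    filings = parse_recent_filings(raw_json)
    eight_ks = [f for f in filings
                if f.form.startswith("8-K") and f.filing_date.startswith(f"{year}-")]
    cyber = [f for f in eight_ks if "1.05" in f.items]
    return {
        "eight_k_count": len(eight_ks),
        "item_105_count": len(cyber),
        "item_105_accessions": [f.accession for f in cyber],
        "other_8k_items": {f.accession: f.items for f in eight_ks if f not in cyber},
    }


if __name__ == "__main__":
    # Offline run over the constructed sample; swap in fetch_submissions(1613103, UA)
    # for the live index.
    for yr in (2026, 2025):
        print(yr, item_105_check(SAMPLE_SUBMISSIONS_JSON, yr))
```

Run against the constructed sample, the 2026 result shows two 8-Ks and no Item 1.05 citation, with the April 27 filing listed under 7.01 and 9.01; the hypothetical 2025 row is the only one that would be flagged. Against the live index, the "items" tokens make the question "did this registrant ever file under Item 1.05?" answerable in one pass per year.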


Compliance assessment: Medtronic chose the lighter disclosure path on the grounds that the incident is not material. That determination is theirs to defend. We make three observations.


First, "materiality" under Item 1.05 includes operational, reputational, and regulatory dimensions, not only "currently expected" financial impact. Second, the same intrusion playbook hit at least four other named entities (ADT April 20, Inditex April 24, Kemper April 24, Amtrek April 24) — that is the kind of cross-victim pattern that elevates regulatory scrutiny risk. Third, Microsoft Security publishing the playbook on May 3 elevates the public-reputational profile of the incident in ways that complicate a static "non-material" determination made on April 24. None of those observations prove the disclosure was non-compliant. They describe the surface area against which the determination has to hold up.


We cap that assessment at 95% epistemic confidence. We are not Medtronic's counsel and we have no visibility into the internal materiality memo.



What This Reveals


Three parties, three disclosure stances:


DugganUSA: maximal disclosure, on the public record, with timestamps.
Microsoft: maximal disclosure, on the public record, three days ago.
Medtronic: minimal disclosure, "furnished" rather than "filed," explicit non-materiality claim.
Doppel: weaponizing trademark notice procedure to suppress the maximally-disclosed party.


That last vector is the new one. It is the teaching moment.


In a world where SEC Item 1.05 was supposed to make breach disclosure default-on for public companies, AI-driven brand-protection takedowns are emerging as the default-off mechanism. The economics are direct: an AI bot can issue a hundred takedowns per dollar. An independent researcher takes a day to respond to each one. The asymmetry is the product. Most researchers fold; the disclosure record gets quietly thinner; the public companies that bought the brand-protection service file lighter 8-Ks; the SEC's 2023 rule loses force.


The line between "brand protection" and "disclosure suppression" is not where Doppel's marketing puts it. It is where the takedown bot lands.



Why The Bot Was Wrong, Mechanically


Doppel's bot scanned the public web for the string MEDTRONIC. It matched our URL slug "microsoft-just-published-the-vish-chain-we-warned-medtronic-about" because that string appears in it. It did not parse the slug. The slug is the thing the bot is trying to suppress, and the slug is also the receipt that the suppression is wrong. The system has no semantic layer.


Three corroborating tells inside the same email:


The defang. Doppel's outbound pipeline rendered our domain in the subject line as "hxxp[://]dugganusa[.]com" — the syntax threat researchers reserve for malware command-and-control servers and credential-phishing kits. Doppel's product taxonomy classifies a threat-intelligence blog as malware-class infrastructure.


The CC. The notice was copied to [email protected], which loops Medtronic's brand-protection queue automatically on every notice. Medtronic was therefore CC'd on a takedown demand directed at the security firm that warned them about the breach Microsoft published three days ago. The structural absurdity is not Patrick's writing; it is the bot's output.


The fallback line. Doppel's email signature contains the sentence "If we have contacted you incorrectly, please respond back to this email." That sentence is in the template because the false-positive rate is high enough to require a built-in retraction handle. Doppel knows the rate. The rate is part of the product.
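The substring match described in "Why The Bot Was Wrong, Mechanically" and the defanged subject line described under "The defang" can both be shown in a small triage routine. The following is an added example and is not Doppel's code or a description of its pipeline: it contrasts a bare string hit anywhere in a URL with a check that asks where the mark sits (inside a hostname label, where an impersonation or lookalike domain would put it, or only in the path, where editorial reporting names the mark holder), and it refangs the hxxp[://]example[.]com style first so a defanged indicator can be fed in directly. The verdict names, the owned-domain allowlist and the digit-to-letter lookalike table are assumptions for illustration; the sample URLs are constructed except for the post's own slug.

```python
"""Triage a brand-string hit before it becomes a takedown notice.

Added example, not part of the original post. Assumed heuristics: verdict
names, an allowlist of domains the mark holder owns, and a crude digit-to-
letter lookalike table (real lookalike detection uses homoglyph/IDN tables).
"""
import re
from urllib.parse import urlsplit

# Common defang conventions seen in threat-intel reports.
_DEFANG = [("[://]", "://"), ("[:]//", "://"), ("[.]", "."), ("(.)", "."), ("{.}", ".")]
# Assumed lookalike table: digits that commonly stand in for letters in hostnames.
_LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed inputs; the first is the slug quoted in the notice.
NOTICE_URL = "hxxp[://]dugganusa[.]com/post/microsoft-just-published-the-vish-chain-we-warned-medtronic-about"
SAMPLE_URLS = [
    NOTICE_URL,
    "https://medtronic-login.example/verify",      # constructed: mark inside a host label
    "https://medtr0nic-support.example/",          # constructed: digit-substituted lookalike
    "https://www.medtronic.com/us-en/",            # mark holder's own domain
    "https://example.com/news",                    # constructed: no mention at all
]


def refang(text: str) -> str:
    """Turn hxxp[://]example[.]com back into http://example.com."""
    out = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    for defanged, plain in _DEFANG:
        out = out.replace(defanged, plain)
    return out


def defang(url: str) -> str:
    """Inverse of refang, for quoting a URL without making it clickable."""
    return url.replace("http", "hxxp", 1).replace("://", "[://]", 1).replace(".", "[.]")


def triage(url: str, mark: str, owned_domains=()) -> dict:
    """Classify where `mark` occurs in `url`.

    Verdicts (assumed names):
      mark-holder-own         host is, or is under, a domain the mark holder owns
      possible-impersonation  mark (or a lookalike) inside a hostname label
      mention-in-path         mark appears only in the path/query: a reference, not a disguise
      no-match                mark not present at all
    """
    raw = refang(url.strip())
    if "://" not in raw:
        raw = "http://" + raw
    parts = urlsplit(raw)
    host = (parts.hostname or "").lower()
    mark_l = mark.lower()
    owned = any(host == d or host.endswith("." + d) for d in owned_domains)
    labels = host.split(".")
    in_host = any(mark_l in label for label in labels)
    lookalike = (not in_host) and any(mark_l in label.translate(_LOOKALIKE) for label in labels)
    in_path = mark_l in (parts.path + "?" + parts.query).lower()
    if owned:
        verdict = "mark-holder-own"
    elif in_host or lookalike:
        verdict = "possible-impersonation"
    elif in_path:
        verdict = "mention-in-path"
    else:
        verdict = "no-match"
    return {"host": host, "in_host": in_host, "lookalike": lookalike,
            "in_path": in_path, "verdict": verdict}


def naive_hit(url: str, mark: str) -> bool:
    """The bare substring test the post describes: true for every URL that
    mentions the mark anywhere, including the editorial slug."""
    return mark.lower() in refang(url).lower()


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(naive_hit(u, "medtronic"), triage(u, "medtronic", owned_domains=("medtronic.com",))["verdict"], defang(refang(u)))
```

The naive test fires on four of the five sample URLs; the positional check separates the two hostname cases, which merit a human look, from the slug, which is a mention in a path and carries no impersonation signal. That distinction is the "semantic layer" the post says the notice lacked, and it costs one URL parse per hit.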



The Post Stays Up


We are not removing the post. We are not editing the post. We are not adding a disclaimer. The post is true, the post is documented, and the post is necessary public-interest reporting on a confirmed breach of a publicly-traded medical-device company that received our advance warning six weeks before the incident, ignored it through their Product Security autoresponder, confirmed the breach on April 22, and filed a non-material 8-K under Item 7.01 on April 27.


What we are doing instead: publishing this. Adding the takedown notice itself to the receipt pile. Filing the email under takedown-attempts/2026-05-06-doppel-medtronic alongside the original Medtronic warning, the Microsoft Security blog post, the April 27 8-K, and this analysis.


If Doppel has a problem with that, they have our address. They demonstrated as much this morning. We will respond to their disclosed retraction handle ([email protected]) with a copy of this post and a request that the notice be withdrawn. We will publish the response.



A Note for the Industry


Different audiences will read this post. A note for each:


Other independent security researchers, if you receive a Doppel notice or one like it, the doctrine controlling the question is nominative fair use. The notice is meritless on a trademark theory. You do not have to fold. Push back, document, publish. The fold rate is the product; lowering the fold rate kills the product.


Public-company general counsel reading this through your enforcement aliases, your brand-protection vendor's takedown pipeline is currently classifying public-record security reporting as malware infrastructure and demanding suppression under perjury attestations the trademark statute does not authorize. That is happening in your name. Your SEC disclosure obligations under Item 1.05 are not satisfied by suppressing the third parties who publish the truth about your incidents. The opposite, in fact.


SEC Division of Corporation Finance staff, if you are watching the Item 1.05 compliance picture, the cross-victim pattern in late April 2026 (ADT / Inditex / Kemper / Amtrek / Medtronic) is the kind of cluster that historically marks a regulatory inflection point. We are happy to share our IOC trail, the timestamped Medtronic outreach, and the Doppel notice with any staff who request them.


Microsoft Security Response Center, thank you for publishing the playbook on May 3. We were six weeks ahead of you, and you were six weeks ahead of where most of the industry would have been without your post. The Stryker, Baxter, and now Medtronic disclosures are landing because the public chain is now incontrovertible. Keep going.


Doppel customers reviewing your vendor footprint, your brand-protection bot is mailing perjury attestations against truthful security reporting in your name. The asymmetric cost of that mistake — measured in regulatory scrutiny, reputational damage, and the chilling of the only public source that warned you about your own incidents — is meaningfully larger than the asymmetric saving on labor that the bot delivers. Audit the outbound queue.



Receipts


The post Doppel wants deleted: dugganusa.com/post/microsoft-just-published-the-vish-chain-we-warned-medtronic-about


The Medtronic April 27 8-K (Item 7.01, Reg FD): SEC EDGAR accession 0001628280-26-027272


The SEC Item 1.05 rule: SEC Final Rule, Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, effective December 18, 2023


The controlling trademark doctrine: New Kids on the Block v. News America Publishing, 971 F.2d 302 (9th Cir. 1992)


The Microsoft Security Response Center post: "Cross-tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook," May 3, 2026


The Doppel takedown email, in full: above, verbatim, as received


— Patrick Duggan, DugganUSA LLC, Minnesota


Aye.





