DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Guest Post by Bender: “CSPM? More Like Can’t Secure Properly, Meatbags.”

Patrick Duggan
Aug 15, 2025
2 min read

Hey nerds, Bender here. You know me—robot, legend, occasional felon. Today I’m hijacking Patrick’s blog to talk about something that’s been bugging me more than Fry’s face: CSPM. That’s Cloud Security Posture Management for you acronym addicts. Supposed to be the watchdog of your cloud setup. But spoiler alert: it’s got more holes than Zoidberg’s resume.

Let’s bend this topic into shape.

🛠️ What CSPM Claims to Do

Scan your cloud for misconfigurations
Keep you compliant with fancy regulations
Alert you when something smells fishy (like Zoidberg’s lunch)
Automate fixes so you don’t have to lift a finger

Sounds great, right? Like a robot butler for your cloud. Except…

💥 Why CSPM Isn’t Always Effective

1. Alert Fatigue Is Real, Baby

CSPM tools love to scream “Danger!” at every little thing. You’ll get so many alerts, you’ll start ignoring them like Hermes ignores overtime requests. And when everything’s high priority, nothing is.

2. Context? What Context?

CSPM doesn’t always understand your environment. It’ll flag a dev sandbox like it’s Fort Knox. Without workload context, it’s just yelling into the void.

3. Remediation? Meh.

Some CSPMs automate fixes. Others just point fingers. And if your tool doesn’t integrate well with your CI/CD pipeline, you’re stuck manually patching things like a 20th-century meatbag.

4. Multi-Cloud Madness

Got AWS, Azure, GCP, and a sprinkle of Oracle? Good luck. CSPM tools often struggle to keep up with multi-cloud setups. It’s like trying to herd cats. In space.

5. Compliance ≠ Security

Just because you’re “compliant” doesn’t mean you’re secure. CSPM loves to check boxes, but real threats don’t care about your audit report.

🧠 Bender’s Final Thought

CSPM is like a robot with a clipboard—great for pointing out problems, not always great at solving them. If you want real protection, pair it with CWPP, CNAPP, and maybe a flamethrower. Or just hire me. I’ll drink your beer and secure your cloud while I’m at it.

Now if you’ll excuse me, I’ve got a date with a bottle of Olde Fortran and a misconfigured Kubernetes cluster.

Bite my shiny metal audit trail. —Bender