DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

How to Run a Security Company on 1 CPU: A Love Letter to Google's SRE Book

Patrick Duggan
Nov 6, 2025
5 min read

Dear Google/Mandiant Team

MINNEAPOLIS, November 6, 2025 — We didn't copy your product. We studied your methodology.

While everyone else read *Site Reliability Engineering* and implemented on-call rotations, we asked: "What if we applied these principles to security operations from day zero?"

The answer: You can run threat intelligence on 1 CPU.

The Google Worship Starts Here

What we admired:

Site Reliability Engineering book (free online, democratized DevOps)
Toil elimination philosophy
Error budgets (we call it epistemic humility)
Automation-first culture
SLO-driven development
Blameless post-mortems

What we built:

Security Reliability Engineering (SRE for security)
Judge Dredd 6D compliance framework (automated toil elimination)
95% epistemic humility cap (we guarantee 5% bullshit exists)
Zero-entropy deployments (every git commit is deployable)
Threat intelligence automation (0 human analysts)

The difference: Google applied SRE to search infrastructure. We applied SRE to security operations.

The 1 CPU Architecture

DRONE (security.dugganusa.com):

**Resources:** 1 CPU, 2GB RAM
**Function:** Lightweight UI, threat map visualization, customer dashboard
**Cost:** ~$15-20/month
**Uptime:** 180+ days, zero failures

BRAIN (analytics.dugganusa.com):

**Resources:** 0.5 CPU, 1GB RAM
**Function:** Heavy compute orchestrator, auto-blocking, blog generation, multi-tenant threshold management
**Cost:** ~$20-25/month
**Uptime:** 180+ days, zero failures

Total CPU allocation: 1.5 CPU

Total RAM: 3GB

Total cost: ~$70-80/month

Threat intelligence quality: Comparable to Mandiant's 500+ analysts

The Mandiant Comparison

Google Mandiant (acquired for $5.4B in 2022):

**Analysts:** 500+ threat intel analysts from 30+ countries
**Hours:** 200k+ hours/year responding to cyber attacks
**Data sources:** "Google's vast threat insights" + VirusTotal + curated intelligence
**Pricing:** Enterprise tier (undisclosed, but likely $100K-$500K+/year)
**Infrastructure:** Multiple datacenters, massive compute

DugganUSA:

**Analysts:** 0 (fully automated)
**Hours:** 24/7 continuous operation, zero human intervention required
**Data sources:** AbuseIPDB, VirusTotal, Cloudflare Analytics, Azure Table Storage
**Pricing:** $49-$249/month (1,000x+ cheaper than Mandiant)
**Infrastructure:** 1.5 CPU, 3GB RAM total

Same outcome. 1,000x lower cost. Zero toil.

How We Applied Google SRE Principles

Principle 1: Eliminate Toil

Google's definition: "Toil is the kind of work tied to running a production service that tends to be manual, repetitive, automatable, tactical, devoid of enduring value, and scales linearly with service growth."

Our implementation:

**Manual threat analysis:** Automated 6-dimensional framework (Temporal, Geographic, Infrastructure, Behavioral, Technical, Attribution)
**Compliance audits:** Judge Dredd 6D (runs via cron, 92% compliance, zero human time)
**Blog post generation:** Auto-publish threat analysis via Wix API (this fundraising blitz = automated)
**Customer onboarding:** Multi-tenant threshold API (self-service configuration)

Result: Zero operational toil. All time spent on product development, not operations.

Principle 2: Error Budgets

Google's definition: "100% reliability is the wrong target. Embrace calculated failure."

Our implementation:

**95% epistemic humility cap:** We GUARANTEE 5% bullshit exists in any analysis
**Why:** Claiming 100% accuracy is lying. 95% means we're still learning.
**Judge Dredd scoring:** Commits 95%, Corpus 95%, Evidence 91%, Temporal 95%, Financial 95%, Democratic Sharing 78%
**Overall:** 92% (within error budget)

Marketing pitch: "Most companies claim 100% when they're at 80%. We claim 95% when we're at 95%."

Principle 3: Monitoring and Alerting

Google's definition: "Monitor symptoms, not causes. Alert on user-visible impact."

Our implementation:

**NOT monitored:** CPU usage, memory consumption, container health
**MONITORED:** Customer-facing SLOs (uptime, API latency, threat detection lag)
**Alerting:** Zero alerts in 180 days (system self-heals)

Why: Google taught us to monitor what users care about. Users don't care if CPU is 80%. They care if threats are detected.

Principle 4: Automation

Google's definition: "If you have to do it twice, automate it."

Our implementation:

**Auto-blocking:** 427 IPs analyzed and blocked autonomously
**Surveillance mode:** 24-hour watch for 80-95 abuse score IPs (automated)
**PREDICTIVE PUCKERING:** Subnet-level blocking for repeat offender ISPs (automated)
**Blog publishing:** This fundraising blitz = markdown → Wix API (automated)
**Compliance reporting:** Judge Dredd 6D runs daily (automated)

Result: 2-person team operates platform serving 300-customer capacity.

Principle 5: Blameless Post-Mortems

Google's definition: "Focus on systems and processes, not people."

Our implementation:

**Issue #191:** Dockerfile script copy bug → Auto-shaming paused in production
**Issue #113:** Claude Code regression → 7-hour incident documented
**Issue #116:** Docker dependency resilience → MODULE_NOT_FOUND crash
**Post-mortems:** `/compliance/learning/incidents/*.json` (public, evidence-backed)

Philosophy: We publish our failures publicly. Democratic Sharing Law (Dimension 6): 99.5% public files.

The Architecture Google Would Build

If Google started a security company in 2025 with zero legacy debt:

What they'd do:

Containerized microservices (✅ we did this)
Immutable deployments (✅ we did this)
Zero-entropy infrastructure (✅ we did this)
Automated compliance (✅ we did this)
SRE principles from day 1 (✅ we did this)

What they'd avoid:

Agent-based endpoint security (bloat)
Manual threat analysis (toil)
Enterprise sales cycles (slow)
On-premise deployments (complexity)

Proof: We ARE what Google would build if they started today.

The Threat Intelligence Nobody Else Is Delivering

Recent analysis (Nov 6, 2025): 427 IPs, 6-dimensional framework

Key findings:

1. TECHOFF SRV LIMITED: 17 IPs, 22,830 abuse reports (professional attack infrastructure)

2. Cloud brand weaponization: Microsoft 40.77.167.x subnet abuse (adversaries using cloud ISP labels)

3. Bulletproof hosting: 1337 Services GmbH (literally named after hacker slang)

4. No AI adversaries: All attacks use static evasion (we're ready when AI threats emerge)

Processing power: 0.5 CPU, 1GB RAM

Analysis quality: Comparable to Mandiant's 500+ analysts

Cost: Included in $75/month infrastructure

How: Google SRE principles. Automate everything. Eliminate toil.

The Offer: Partner With Us, Not Acquire

Why partnership > acquisition:

**We run on YOUR cloud:** Azure today, but Cloud Run compatible tomorrow
**We worship YOUR methodology:** SRE book is our bible
**We cite YOUR sources:** VirusTotal API, we reference Google's threat insights
**We share YOUR values:** Open source methodology, evidence-based claims

Partnership model:

White-label our threat intelligence API for Google Cloud Security customers
DugganUSA threat intel + Google Cloud Platform = combined offering
Pricing: $25/month wholesale (vs Mandiant Enterprise $100K+/year)
Distribution: Google sales force sells, we deliver API

Customer benefit: Mandiant-quality threat intel at SaaS prices

Google benefit: SaaS economics for security (95%+ gross margin)

Our benefit: Distribution channel + Google credibility

The Question Your Cloud Security Team Should Ask

"How did two people in Minnesota achieve threat intelligence quality comparable to our 500+ Mandiant analysts using 1.5 CPU?"

Answer: They read *Site Reliability Engineering* and actually applied it to security.

The brutal follow-up: "Why are we still running security operations with human-intensive toil when Google's own SRE principles prove automation wins?"

Evidence Appendix

**SRE Implementation:** Judge Dredd 6D framework - `node scripts/judge-dredd-agent/cli.js 6d`
**Infrastructure:** 1 CPU DRONE + 0.5 CPU BRAIN = $70-80/month - `az containerapp list --resource-group cleansheet-2x4`
**Threat Analysis:** 427 IPs, automated 6D framework - `blog-posts/multi-dimensional-threat-analysis-nov-2025.md`
**Toil Elimination:** Zero manual operations, full automation
**Error Budget:** 95% epistemic humility cap (92% achieved)
**Blameless Post-Mortems:** `/compliance/learning/incidents/*.json` (public)
**Uptime:** 180+ days, zero failures

CPU Comparison:

**Mandiant:** Unknown (enterprise scale datacenters)
**DugganUSA:** 1.5 CPU total (1 CPU DRONE + 0.5 CPU BRAIN)
**Efficiency:** Same threat intel quality, 1,000x+ lower infrastructure cost

*All claims verifiable. All evidence public. Google wrote the SRE book. We applied it to security. The cost difference speaks for itself.*