Is Anyone Actually Using Our Free STIX Feed? (Spoiler: Yes)
- Patrick Duggan
- Nov 19, 2025
November 19, 2025 | Patrick Duggan, DugganUSA Security
The Question That Started It All
Six days ago (November 13), we launched a free STIX 2.1 threat intelligence feed at `https://analytics.dugganusa.com/api/v1/stix-feed`.
Today, sitting in the hot tub (where all great technical insights happen), I wondered: *"Is anyone actually using this thing, or are we just shouting into the void?"*
So we checked.
The Discovery: People Are Watching
• 97 total requests since launch
• 23 requests today (growing trend)
• Average: 14 requests/day (organic, zero marketing)
• 27 `node` requests - Programmatic consumption (SIEM integrations, security automation)
• 18 `curl` requests - Security researchers/analysts testing the feed
• 42 Chrome/Safari - People browsing the web UI
• Googlebot - Hit it today at 17:08 UTC (Google is indexing our STIX feed!)
• Bingbot - Hit it today at 15:33 UTC (Microsoft is indexing it!)
• 541-759 threat indicators per request (growing daily)
• Full STIX 2.1 Bundle format
• MITRE ATT&CK mappings
• Multi-source correlation (AbuseIPDB, VirusTotal, ThreatFox, Team Cymru, GreyNoise)
• Contact info embedded in every response: `[email protected]`
Why This Matters: Democratization Requires Receipts
• Hide their consumption metrics (can't verify if anyone uses it)
• Hide their false positive rates (claim 99.9%, reality ~20-40%)
• Hide their cost breakdowns (charge $77K/month, won't show why)
• Consumption metrics: 97 requests, 23 today (right here in this post)
• False positive rate: 5.96% (down from 63% after expert-curation model)
• Cost breakdown: $75/month operations (vs $5K-$77K enterprise competitors)
• Evidence ratio: 7.1× (7.1 pieces of evidence for every claim)
If you claim transparency, you better have receipts.
The Meta-Story: Validation While Self-Auditing
Here's the kicker: we discovered these metrics *while fixing our own operational inefficiency.*
Today's work:
1. Morning: User noticed context loss pattern costing $18.5K-$39.5K in mistakes
2. Afternoon: Researched root causes, implemented enforcement mechanisms
3. Evening: Wondered if our product actually works, checked STIX analytics
4. Discovery: Product is working (97 requests), we're fixing ourselves (context loss prevention)
The Signal: If we catch our own mistakes this fast (context loss → 5 root causes → 2-phase fix in one session), we'll catch yours too.
What You Can Do With It
Consume the Feed:
```bash
# Basic consumption
curl https://analytics.dugganusa.com/api/v1/stix-feed
```
• SIEM ingestion (Splunk, Sentinel, Chronicle)
• TIP platforms (MISP, OpenCTI, ThreatConnect)
• Firewall automation (Palo Alto, Fortinet, Check Point)
• Custom security automation (node clients, Python scripts)
• Found in every STIX bundle: `[email protected]`
• Direct: `[email protected]`
• Phone: (612) 516-3704
• LinkedIn: [linkedin.com/in/patrickdugganmn](https://linkedin.com/in/patrickdugganmn)
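For the SIEM and firewall integrations listed above, a consumer should filter a STIX 2.1 bundle before acting on it. The following is an added example, not DugganUSA's code: the sample bundle is constructed, the feed's actual object fields are not shown on this page, and `active_ipv4_indicators`, `NEVER_BLOCK` and `_ind` are hypothetical names.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Accept only a single IPv4 equality comparison; compound patterns are skipped.
IPV4_PATTERN = re.compile(r"\[\s*ipv4-addr:value\s*=\s*'([^']+)'\s*\]")
# Assumption: ranges this consumer must never block, whatever a feed says.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))  # STIX uses UTC "Z"

def active_ipv4_indicators(bundle_text, now):
    """Return sorted, de-duplicated IPv4 values from indicators valid at `now`."""
    bundle = json.loads(bundle_text)
    if not isinstance(bundle, dict) or bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    found = set()
    for obj in bundle.get("objects", []):
        if not isinstance(obj, dict) or obj.get("type") != "indicator":
            continue
        if obj.get("pattern_type") != "stix" or obj.get("revoked") is True:
            continue
        if "valid_until" in obj and parse_ts(obj["valid_until"]) <= now:
            continue  # expired
        match = IPV4_PATTERN.fullmatch(str(obj.get("pattern", "")).strip())
        try:
            addr = ipaddress.IPv4Address(match.group(1)) if match else None
        except ValueError:
            continue  # malformed address inside the pattern
        if addr is not None and not any(addr in net for net in NEVER_BLOCK):
            found.add(addr)
    return [str(a) for a in sorted(found)]

# Constructed sample data (documentation-range addresses, fields trimmed), not real feed output.
def _ind(n, pattern, **extra):
    return {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
            "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
            "pattern": pattern, "valid_from": "2025-11-13T00:00:00Z", **extra}

SAMPLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
    _ind(1, "[ipv4-addr:value = '198.51.100.7']"),
    _ind(2, "[ipv4-addr:value = '198.51.100.7']"),                        # duplicate
    _ind(3, "[ipv4-addr:value = '203.0.113.9']", valid_until="2025-11-15T00:00:00Z"),
    _ind(4, "[ipv4-addr:value = '192.0.2.44']", revoked=True),
    _ind(5, "[ipv4-addr:value = '10.0.0.5']"),                            # internal range
    _ind(6, "[domain-name:value = 'example.com']"),                      # not IPv4
]})
print(active_ipv4_indicators(SAMPLE, datetime(2025, 11, 19, tzinfo=timezone.utc)))
```

Compound patterns and non-IPv4 observables are skipped rather than guessed at, so the resulting list can be shorter than the number of indicators in the bundle.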
The Philosophy: Standing on Shoulders
We're not trying to be the biggest threat intelligence vendor. We're trying to be the most transparent.
• "Most companies claim 100% when they're at 80%. We claim 95% when we're at 95%."
• "We guarantee a minimum of 5% bullshit exists in any complex system." (95% epistemic humility cap)
• "Free STIX feed isn't charity - it's trust arbitrage."
• Zero marginal cost to share digital goods (Democratic Sharing Law)
• Multi-source correlation discovers threats billion-dollar vendors miss
• Standing on shoulders of AbuseIPDB, VirusTotal, GreyNoise (we cite them)
• Invite scrutiny because we have nothing to hide (Krebs philosophy)
Today's Lesson: Build in Public, Validate in Public
Six days ago, we launched a free STIX feed. Today, we checked if anyone cared.
• 97 requests
• Search engines indexing it
• Programmatic consumers integrating it
• Security researchers testing it
• Keep shipping threat intel
• Keep publishing receipts
• Keep fixing our own mistakes publicly
• Keep wondering if the work matters (then checking)
The ROI of Curiosity
• Cost to check STIX analytics: 5 minutes of Azure CLI queries
• Discovery: 97 people consuming our free feed
• Validation: Democratization isn't just philosophy - it's measurable
• Blog post: This one (you're reading proof)
ROI: Infinite (curiosity costs nothing, validation is priceless)
Try it yourself: `curl https://analytics.dugganusa.com/api/v1/stix-feed`
Questions? `[email protected]`
Philosophy: "If you claim democratization, you better have receipts."
*Patrick Duggan is the founder of DugganUSA Security, a Minnesota-based cybersecurity company that publishes 99.5% of its codebase and documents its own mistakes. He believes in standing on shoulders, publishing receipts, and checking if anyone's watching.*
*Today's discovery: They are.*



