DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

“McDonald's, I came here to chew bubblegum and secure your pipeline… and I’m all outta bubblegum.”

Patrick Duggan
Aug 28, 2025
2 min read

Guest Blogger: Rowdy Roddy Piper, DevSecOps Evangelist

"Stop fighting and put on the glasses!"

When I put on the glasses and looked at McDonald’s infrastructure, what I saw wasn’t just sloppy—it was a buffet of bad decisions served with a side of plaintext passwords. The hacker known as BobDaHacker didn’t need a crowbar or a steel chair—he just changed “login” to “register” in a URL and walked into the Design Hub like it was the Royal Rumble.

Let’s break down the vulnerabilities that got exposed faster than a heel turn on Saturday night:

🍗 Client-side reward validation let users claim free nuggets without enough points.
🔓 Open registration endpoints bypassed authentication with a simple URL tweak.
📧 Plaintext passwords emailed to users like it was 1999.
🔑 Exposed API keys in JavaScript files, ripe for phishing.
🕵️‍♂️ Impersonation features in employee portals gave basic accounts executive access.
🧠 AI hiring system used “123456” as a password, exposing 64 million applicants.

You can read the full breakdown on Cybersecurity News.

💪 How Snyk Would’ve Body-Slammed This Breach

If McDonald’s had Snyk in their corner, this whole mess would’ve tapped out before the first bell rang:

Snyk Code: Would’ve flagged insecure client-side logic like a ref catching brass knuckles.
Snyk Open Source: Would’ve scanned for vulnerable dependencies in the Design Hub.
Snyk IaC: Would’ve locked down misconfigured cloud assets tighter than a sleeper hold.
Snyk API Security: Would’ve sniffed out exposed endpoints and secrets like Piper sniffing out a corporate alien in They Live.

Want to see how Snyk does it? Check out their official documentation for the full playbook.

🔐 DevSecOps Ain’t Just a Buzzword—It’s a Finishing Move

“You send passwords in plaintext, you get hacked in prime time! You leave your APIs exposed, and you’re beggin’ for a breach! You want to play in the big leagues? You better bring Snyk to the fight!”

"With the right tools, the dangers become visible!"

This isn’t just about McDonald’s—it’s about every dev team out there thinking they can skip security and still win the match. You want to be a champion? You build like one. You secure like one. You test like one.

🎬 Final Bell: Put on the Glasses

In They Live, Piper saw the truth behind the façade. In DevSecOps, the glasses are your scanners, your linters, your threat models. Put them on. See the flaws. Fix them before someone else does.

Because in this ring, there’s no second round when your secrets are exposed.

“McDonald's, I came here to chew bubblegum and secure your pipeline… and I’m all outta bubblegum.”

💪 How Snyk Would’ve Body-Slammed This Breach

🔐 DevSecOps Ain’t Just a Buzzword—It’s a Finishing Move

🎬 Final Bell: Put on the Glasses

Recent Posts

Comments