# The Fastest Threat Intelligence Engine on the Planet (With Receipts)

  • Writer: Patrick Duggan
  • Dec 12, 2025
  • 4 min read

Tags: threat-intelligence, benchmarks, stix, mitre-attack, probabilistic-structures, performance
Category: Threat Intelligence


While enterprise threat intelligence platforms poll their feeds daily—sometimes weekly—we sweep every 10 minutes. And we can go faster. Much faster.


2 seconds, if we need to.


This isn't marketing. Every claim in this post is backed by a live API you can query right now. No signup. No paywall. Just `curl` and see for yourself.


## The 2-Second Challenge



Most threat intel platforms are batch processors wearing real-time clothing. They pull from upstream feeds on a schedule, do some deduplication, maybe add a tag or two, and call it a day.


We built something different.


**PreCog Sweep Engine - Performance Modes:**


| Mode | Latency | What It Does |
|------|---------|--------------|
| **Fast** | 2 seconds | Pure collection, maximum velocity |
| **Sample** | 15 seconds | 10% novelty sampling |
| **Full** | 130 seconds | Complete enrichment pipeline |


Production runs at 10-minute intervals—not because we can't go faster, but because we're enriching every IOC to 97% depth and respecting upstream rate limits. The architecture supports sub-second sweeps when the situation demands it.


## The Receipts



Here's where we put up or shut up. Every metric below comes from a live API endpoint. Go ahead, check our work.





### IOC Freshness



| Metric | Value |
|--------|-------|
| Newest IOC Age | ~100 minutes |
| Median IOC Age | 2 hours |
| IOCs added (24h) | 814 |
| IOCs added (7d) | 933 |
| Feed span | 29 days |


**What this means**: When a new threat emerges, it's in our feed within hours, not days. Enterprise platforms typically show 4-24 hour latency. We're measuring in minutes.


### Enrichment Depth



This is where we flex.


| Metric | Value |
|--------|-------|
| Avg Enrichment Points | **6.81 / 7** (97%) |
| MITRE ATT&CK Coverage | 86.8% |
| SSL/TLS Enrichment | 94.4% |
| ISP/ASN Data | 100% |
| Abuse Score | 100% |
| Bot Classification | 100% |


**Industry benchmark**: Enterprise feeds average 2-3 enrichment points per IOC. We hit 6.81.


Every indicator in our feed includes: geographic attribution, ISP identification, abuse confidence scoring, bot classification, SSL certificate analysis (where applicable), and MITRE ATT&CK technique mapping.


This isn't checkbox compliance. This is giving defenders the context they need to make decisions.


### Community Contribution



| Metric | Value |
|--------|-------|
| OTX Indicators Contributed | **219,640+** |
| Pulses Created | 872 |
| Subscribers | 22 |
| Time to 200K | 15 days |


We don't just consume threat intelligence. We contribute back. In 15 days, we pushed over 200,000 indicators to the OTX community—putting us in the top contributor tier globally.


Profile: https://otx.alienvault.com/user/pduggusa


### Who's Consuming This?



Microsoft Sentinel is polling our STIX feed 215 times per week.


That's not a typo. One of the largest security platforms on the planet is actively consuming our threat intelligence. The feed works. The format works. The data works.


## Pattern #56: The Secret Sauce



Here's where I get a little cagey.


Jensen Huang appeared on Joe Rogan (#2234) and talked about the breakthroughs happening in probabilistic data structures and spectral graph theory—particularly the work coming out of institutions like the University of Toronto. When the CEO of NVIDIA points at academic research and says "this is where the future is," you pay attention.


We did.


Pattern #56 is our implementation of these concepts for threat intelligence. The theoretical foundations are well-established:


- **Probabilistic membership testing** - Space-efficient structures that answer "have we seen this before?" in constant time

- **Locality-sensitive hashing** - Finding similar items (typosquats, lookalike domains) without comparing against everything

- **Streaming frequency estimation** - Tracking trending threats in fixed memory

- **Spectral clustering** - Grouping C2 infrastructure by behavioral similarity


The math is public. The papers are published. Our specific implementation—the tuning, the thresholds, the integration with our enrichment pipeline—that's ours.


**What you need to know**: We achieve O(1) lookups across 500K+ IOCs using ~1.2 MB of memory. Traditional approaches are O(n). At scale, that's the difference between real-time and "check back tomorrow."
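To make the first bullet concrete, here is an added illustration (not Pattern #56 itself, whose tuning the post keeps private): a Bloom filter, the textbook probabilistic membership structure, sized from the memory budget and indicator count quoted above. The 1.2 MB and 500K figures come from the post; the sample indicators are constructed RFC 5737/2606 test values, and the sizing rule and error estimate are the standard ones, not the engine's.

```python
import hashlib
import math

class BloomFilter:
    """Constant-time 'have we seen this before?' with no false negatives.

    Sized from a memory budget rather than a target error rate, because the
    useful question for an IOC feed is: given ~1.2 MB, what false-positive
    rate do we pay for holding ~500K indicators?
    """

    def __init__(self, mem_bytes: int, expected_items: int):
        self.m = mem_bytes * 8          # bits available
        self.n = expected_items
        # Optimal number of hash functions for this bits-per-item ratio: (m/n) * ln 2
        self.k = max(1, round(self.m / self.n * math.log(2)))
        self.bits = bytearray(mem_bytes)

    def _positions(self, item: str):
        # Kirsch-Mitzenmacher double hashing: one SHA-256 digest yields two
        # 64-bit values that generate all k positions, so a lookup costs one hash.
        d = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1   # odd step avoids short cycles
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item: str) -> bool:
        # A single clear bit proves the item was never added; all bits set only
        # says "probably seen", which is the false-positive side of the trade.
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

    def expected_fp_rate(self) -> float:
        """Textbook estimate (1 - e^(-kn/m))^k once n items have been inserted."""
        return (1 - math.exp(-self.k * self.n / self.m)) ** self.k


# Budget and scale quoted in the post; indicators below are constructed test values.
IOC_FILTER = BloomFilter(mem_bytes=1_200_000, expected_items=500_000)
for ioc in ["198.51.100.23", "203.0.113.77", "c2.example.net"]:
    IOC_FILTER.add(ioc)

def seen_before(ioc: str) -> bool:
    return ioc in IOC_FILTER
```

At 19.2 bits per indicator the filter settles on 13 hash positions and an expected false-positive rate around 0.01% at full load, which is the trade a feed makes for O(1) lookups in fixed memory.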





## The $75/Month Flex


Let's talk about infrastructure.


Enterprise threat intelligence platforms run on millions of dollars of infrastructure. Dedicated security operations centers. Teams of analysts. Massive data lakes.


We run on:

- Azure Container Apps

- A single PostgreSQL instance

- Azure Table Storage

- Cloudflare for CDN


Monthly bill: approximately $75.


This isn't a limitation—it's a design choice. Efficient algorithms beat expensive hardware. Every time.


## How to Consume the Feed



### STIX 2.1 Bundle






Returns a complete STIX 2.1 bundle with indicators, threat actors, malware references, and relationships. Drop it into Splunk, Sentinel, Elastic, or any STIX-compatible platform.
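As an added example (not the feed's own code, and the endpoint is not reproduced here), a small consumer that flattens a STIX 2.1 bundle of the shape described above into indicator rows joined to what they indicate, which is the step a SIEM ingestion job performs. The bundle is a constructed miniature with placeholder UUIDs and an RFC 5737 address.

```python
import json
import re
# Constructed miniature STIX 2.1 bundle in the shape the post describes
# (indicator, malware, relationship); UUIDs and the address are placeholders.
BUNDLE_JSON = """{
 "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
 "objects": [
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--00000000-0000-4000-8000-000000000002",
   "created": "2025-12-12T10:00:00.000Z", "modified": "2025-12-12T10:00:00.000Z",
   "pattern_type": "stix", "pattern": "[ipv4-addr:value = '198.51.100.23']",
   "valid_from": "2025-12-12T10:00:00Z", "indicator_types": ["malicious-activity"]},
  {"type": "malware", "spec_version": "2.1",
   "id": "malware--00000000-0000-4000-8000-000000000003",
   "created": "2025-12-12T10:00:00.000Z", "modified": "2025-12-12T10:00:00.000Z",
   "name": "ExampleBot", "is_family": true},
  {"type": "relationship", "spec_version": "2.1",
   "id": "relationship--00000000-0000-4000-8000-000000000004",
   "created": "2025-12-12T10:00:00.000Z", "modified": "2025-12-12T10:00:00.000Z",
   "relationship_type": "indicates",
   "source_ref": "indicator--00000000-0000-4000-8000-000000000002",
   "target_ref": "malware--00000000-0000-4000-8000-000000000003"}
 ]}"""

# Single-comparison STIX patterns only; anything more complex is kept verbatim.
SIMPLE_PATTERN = re.compile(
    r"^\[(?P<obj>[a-z0-9-]+):(?P<prop>[a-z0-9_.]+)\s*=\s*'(?P<val>[^']*)'\]$")

def flatten_bundle(bundle_json: str) -> list:
    """Flatten a STIX 2.1 bundle into SIEM-friendly indicator rows."""
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    objs = {o["id"]: o for o in bundle["objects"]}
    rows = []
    for o in objs.values():
        # In STIX 2.1 spec_version lives on each object, not on the bundle.
        if o["type"] != "indicator" or o.get("spec_version") != "2.1":
            continue
        m = SIMPLE_PATTERN.match(o["pattern"])
        # Follow outgoing relationships so the row says what the IOC indicates.
        related = sorted(objs[r["target_ref"]].get("name", r["target_ref"])
                         for r in objs.values()
                         if r["type"] == "relationship"
                         and r["source_ref"] == o["id"] and r["target_ref"] in objs)
        rows.append({"id": o["id"], "ioc_type": m["obj"] if m else None,
                     "value": m["val"] if m else o["pattern"],
                     "valid_from": o["valid_from"], "indicates": related})
    return rows
```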


### OTX Integration



Subscribe to our pulses: https://otx.alienvault.com/user/pduggusa


Auto-sync with any OTX-integrated security tool.


### Direct API






No API key required. No rate limiting (yet). We want defenders to have access to good threat intelligence.


## What We Don't Claim



Epistemic honesty matters.


- We don't claim 100% accuracy. Our enrichment depth is 97%, not 100%. Some IOCs have incomplete data.

- We don't claim to catch everything. Novel threats take time to surface. We're fast, not omniscient.

- We don't claim the math is novel. The algorithms are well-established. The application at this speed is our contribution.

- We don't claim enterprise support. This is a small team. Response times reflect that.


What we do claim: verifiable benchmarks, live APIs, and results you can check yourself.


## The Bottom Line



DugganUSA is the fastest threat intelligence engine on the planet.


- **2-second sweep capability** (production at 10 minutes)

- **6.81/7 enrichment depth** (industry average: 2-3)

- **86.8% MITRE ATT&CK coverage**

- **219,640+ indicators contributed** to the community

- **$75/month infrastructure**


Every number above is verifiable. Every endpoint is live. Every claim has receipts.


We're not asking you to trust us. We're asking you to `curl` and verify.




*DugganUSA LLC. Minnesota. Building threat intelligence infrastructure that billion-dollar vendors wish they had.*


*All benchmarks current as of 2025-12-12. Query the live API for real-time metrics.*


 
 
 
