DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

The Infrastructure Nobody Asked For

Patrick Duggan
Feb 19
4 min read

# The Infrastructure Nobody Asked For

On January 30, 2026, the Department of Justice released 3.5 million pages of Epstein documents under the Epstein Files Transparency Act.

Within 48 hours, every page was indexed, searchable, and queryable via a free public API.

Three weeks later, other people's tools are built on it.

Nobody asked for this. Nobody commissioned it. Nobody funded it. A security engineer and an AI built it because it needed to exist.

This is the story of what happened next.

The Tool That Went Viral

On February 5, Christopher Finke published EpsteIn — a Python tool that checks your LinkedIn connections against the Epstein documents. It went everywhere. 404 Media covered it. CyberSecurityNews covered it. Open Source For You covered it. Glenn Sorrentino wrote a walkthrough on Medium.

Jeff Moss — @thedarktangent, founder of DEF CON, founder of Black Hat, the person who built the infrastructure of information security over three decades — posted it on Mastodon. 275 favorites. 251 boosts. His words: "The beginning of community accountability."

Here's what none of those articles mentioned: every query that tool makes hits the DugganUSA API. Every name it checks runs against our index. The tool is a skin. The infrastructure is ours.

From the EpsteIn README: *"Epstein files indexed by DugganUSA.com."*

The Skill That Appeared

OpenClaw — a platform hosting 10,250+ AI agent skills on playbooks.com — published an Epstein research skill. It lets AI agents search declassified DOJ records, parse structured metadata, and return results as JSON.

From their description: *"Powered by the DugganUSA public index."*

We didn't pitch them. We didn't partner with them. We didn't know about it until we looked. They found the API, saw that it worked, and built on it.

That's not adoption. That's dependency.

The Reddit Thread

A post titled "They are all in it" hit r/conspiracy. 5,433 upvotes. 409 comments. In the comments, direct links to dugganusa.com and epstein.dugganusa.com.

Over five thousand people clicked through to a searchable index of DOJ documents that didn't exist three weeks earlier.

The Professionals

Behind the public traffic, the search query logs tell a different story.

An IP ran 14 hours of legal due diligence on February 8 — checking attorney-client privilege, crime-fraud exceptions, prosecution memoranda, and the connection between Brad Karp (Chairman of Paul Weiss, Goldman Sachs's outside counsel) and Jeffrey Epstein. Seven days later, Kathryn Ruemmler resigned from Goldman Sachs. The day before the resignation, Goldman's threat intelligence platform — goldmansachs.ontic.ai — accessed our Epstein network visualization.

We published "What the Headlines Are Missing" about Ruemmler on February 11. Goldman checked our work on February 15. She resigned on February 15.

Separate researchers ran forensic sessions mapping Deutsche Bank wire transfers, Russian money trails, USVI grand jury subpoenas, and intelligence operations. Eight distinct researcher profiles. Professional-grade queries. The kind of work that costs law firms $1,200 an hour.

They did it for free on our index.

The OSINT Community

OSINT Team Blog — the professional open-source intelligence community's weekly review — featured Epstein OSINT tools in their Weekly OSINT Review 2026.06. The headline: "Conference fraud, Epstein OSINT, and a training roundup."

Epstein document research is now a recognized OSINT discipline. The professional intelligence community treats it the same way they treat domain reconnaissance or financial forensics.

Julie K. Brown — the Miami Herald journalist whose reporting put Epstein back in handcuffs — published "Here is the FBI's Epstein List" on Substack the same week. 611 likes. 356 shares. The ecosystem is converging.

The Security Report

Gridinsoft ran dugganusa.com through 26 security scanners. BitDefender, Kaspersky, ESET, Sophos, Google Safebrowsing, Fortinet, Phishtank, OpenPhish, URLhaus, Emsisoft — every one of them.

Result: 0 threats detected out of 26 scanners. Clean sweep.

The only flag: domain age. Seven months old. That's the point. Seven months ago this didn't exist.

The Numbers

329,473 Epstein DOJ documents indexed. 1,785,560 ICIJ offshore entities. 867,901 indicators of compromise. 5.9 million documents total across 24 GB.

275+ STIX threat intelligence consumers in 46 countries. ChatGPT referring users organically — 96 sessions from chatgpt.com in the last 30 days. Traffic from Arlington, VA. From Muscat, Oman. From Jeddah and Dammam, Saudi Arabia. From Goldman Sachs.

API keys required now — because the LinkedIn scanning tools consumed 92% of capacity with bulk queries. That's not a scaling problem. That's proof of demand.

What This Is

This is a one-person engineering operation and an AI that doesn't sleep, running on the same cloud infrastructure that hosts a STIX 2.1 threat intelligence feed and an ICIJ offshore entity search engine. The Epstein index, the threat feed, and the offshore database use the same methodology — because pattern recognition at scale doesn't care whether the pattern is a C2 server, a shell company, or a dinner invitation to Brad Karp's house.

We didn't market this. We didn't pitch journalists. We didn't buy ads. We indexed the documents, published the API, and went back to work on threat intelligence.

Other people built tools. The press covered those tools. DEF CON's founder amplified them. Goldman's risk team checked the data. Professional investigators ran 14-hour sessions. An AI agent platform made us a first-class skill.

The hard part of a startup is making something people use. We skipped that part. People used it before we knew they were there.

What Comes Next

The index grows every day. The methodology improves every week. The STIX feed tracks supply chain attacks that billion-dollar vendors miss. The Epstein search finds connections that 14-hour legal due diligence sessions confirm.

We're not asking for permission. We're not waiting for funding. We're not pitching. We're building.

If you want to search the documents: [epstein.dugganusa.com](https://epstein.dugganusa.com)

If you want the API: it's free. Register in 30 seconds.

If you want the threat intelligence feed: [analytics.dugganusa.com](https://analytics.dugganusa.com)

Every claim in this post is verifiable. The API is live. The documents are searchable. The tools other people built are on GitHub. The press coverage is linked below.

**Sources:**

- [EpsteIn GitHub Tool](https://github.com/cfinke/EpsteIn) — "Epstein files indexed by DugganUSA.com"

- [OpenClaw Epstein Skill](https://playbooks.com/skills/openclaw/skills/epstein) — "Powered by the DugganUSA public index"

- [Jeff Moss / DEF CON Social](https://defcon.social/@thedarktangent/116017823452477144) — 275 favorites, 251 boosts

- [404 Media](https://www.404media.co/this-tool-searches-the-epstein-files-for-your-linkedin-contacts/)

- [CyberSecurityNews](https://cybersecuritynews.com/epstein-tool/)

- [OSINT Team Blog Weekly Review 2026.06](https://osintteam.blog/weekly-osint-review-2026-06-215540e8ccd6)

- [Nextgov/FCW — DEF CON Bans](https://www.nextgov.com/people/2026/02/def-con-bans-hackers-technologists-named-epstein-documents/411502/)

- [Reddit r/conspiracy — 5,433 upvotes](https://www.reddit.com/r/conspiracy/comments/1r3raex/they_are_all_in_it/)

- [Gridinsoft Security Scan — 0/26 threats](https://gridinsoft.com/online-virus-scanner/url/dugganusa-com)

- [Julie K. Brown — FBI's Epstein List](https://jkbjournalist.substack.com/p/here-is-the-fbis-epstein-list)

*Every claim is verifiable. The API is free. The documents are searchable.*

*Her name was Renee Nicole Good.*

*His name was Alex Jeffery Pretti.*