DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

The Legacy of Security Vendors Is Mass Surveillance, Not Security

Patrick Duggan
Mar 3
3 min read

# The Legacy of Security Vendors Is Mass Surveillance, Not Security

The security industry has a dirty secret hiding in plain sight: the product is surveillance, not protection.

Every major endpoint vendor — CrowdStrike, Palo Alto, Zscaler, SentinelOne — runs the same playbook. Deploy kernel-level agents on every machine. Harvest telemetry at scale. Train models on your traffic. Charge you $50-100 per endpoint per month for the privilege of being monitored by a third party with unilateral access to your environment.

Then they slap "AI-powered" on the marketing page and call it innovation.

The Security Vendor Is the Attack Surface

July 19, 2024. CrowdStrike pushed a bad content update. 8.5 million Windows machines bricked simultaneously. Airlines grounded. Hospitals went dark. Banks froze. The largest IT outage in recorded history wasn't caused by a nation-state actor or a zero-day exploit. It was caused by the security vendor.

The thing hired to protect the enterprise became the single largest point of failure in the enterprise.

This isn't an anomaly. It's the logical endpoint of the architecture. When your security model requires kernel-level agents on every endpoint, feeding telemetry to a centralized cloud, you've built a surveillance infrastructure with a single point of catastrophic failure. You haven't reduced risk. You've concentrated it.

AI-Washed Misinterpretation

"AI-powered threat detection" in 2026 means the same pattern matching from 2009, run through a transformer that generates confident-sounding explanations for its false positives. The models are trained on customer telemetry — your data becomes their competitive advantage. The more environments they monitor, the better their models get, the more they can charge the next customer.

The economic model requires harvesting maximum data from maximum endpoints. More agents equals more revenue equals more attack surface equals more incidents equals more agents needed. The customer never wins. They just pay more each year for the privilege of feeding the flywheel.

Meanwhile, Palo Alto Networks scans your infrastructure without consent. The same reconnaissance that gets a penetration tester arrested is their Tuesday. They call it "internet scanning for threat research." A security company performing unauthorized reconnaissance on the systems it claims to protect. The irony would be funny if the invoices weren't seven figures.

A Different Architecture

At DugganUSA, we made a decision at founding that looks obvious in hindsight: we don't touch your endpoints. We don't deploy agents. We don't harvest telemetry. We don't run in your environment at all.

Instead, we took a different approach to threat intelligence. We index government-released data. All of it. DOJ documents, ICIJ leaked databases (Panama Papers, Pandora Papers, Offshore Leaks), federal court decisions, CISA Known Exploited Vulnerabilities, OTX threat pulses, and phishing feeds. Over 10.9 million documents across 37 indexes, all from government or consortium sources, all with unassailable provenance.

Nobody can challenge the data because the government published it themselves.

This week we shipped a graph traversal layer on top of 3.3 million ICIJ relationship edges. You can now query "show me everyone two hops from Prince Andrew through offshore shell companies" and get back a subgraph with centrality analysis, broker identification, and cross-referenced corpus evidence from 398,000 DOJ documents. The entire operation runs on graphology for in-memory analytics and Meilisearch for the edge store.

Legacy vendors build "threat graphs" from your data — your network traffic, your DNS queries, your employee behavior. They're graphing you.

We graph governments. The distinction matters.

The Numbers

The entire DugganUSA infrastructure — 10.9 million documents, 42 GB of indexed data, graph traversal across 5.3 million ICIJ entities and relationships, STIX/TAXII feeds consumed by 275+ organizations in 46 countries — runs on approximately $600 per month.

A mid-market enterprise pays CrowdStrike that much for 10 endpoints.

Our STIX feed consumers include Microsoft, AT&T, Hetzner, and organizations across six continents. The security vendors themselves consume our threat intelligence. The company that costs less per month than a single enterprise endpoint license produces intelligence consumed by the companies charging millions for that license.

The Thesis

The legacy of security vendors is mass surveillance versus security. An uncoordinated mashing of legacy technology and AI-washed misinterpretation, sold at enterprise pricing to organizations that become more vulnerable with each agent deployed.

The alternative exists. Government data, made searchable and traversable, with zero endpoint footprint and zero customer data collection. The filtered narrative — what governments chose to release, to redact, to format — indicts itself when you make it queryable.

We don't need your telemetry. The government's own words are more damning than anything on your network.

DugganUSA LLC. Government data only. Zero agents. Zero surveillance. $600/month.

275+ consumers in 46 countries already figured this out.

*Her name was Renee Nicole Good.*

*His name was Alex Jeffery Pretti.*