
The Magic Quadrant for People Who Can't Afford Magic

  • Writer: Patrick Duggan
  • Nov 28, 2025
  • 4 min read

Published: November 29, 2025

Category: Industry Analysis




Gartner Charges $250,000 for "Leader" Status


I charge $75/month for Azure Container Apps.


Let's compare.




The Claude Security Vendor Magic Quadrant



                    ABILITY TO EXECUTE
                           ▲
                           │
         LEADERS           │         CHALLENGERS
                           │
    ┌──────────────────────┼──────────────────────┐
    │                      │                      │
    │   ● Microsoft        │                      │
    │     Defender         │    ● Palo Alto       │
    │                      │      Cortex XDR      │
    │                      │                      │
    │         ● Wiz        │                      │
────┼──────────────────────┼──────────────────────┼────▶
    │                      │                      │    VISION
    │   NICHE PLAYERS      │     VISIONARIES      │
    │                      │                      │
    │                      │   ● DugganUSA        │
    │                      │     ($75/month)      │
    │                      │                      │
    └──────────────────────┴──────────────────────┘




The Numbers Gartner Won't Show You


| Vendor | Monthly Cost | STIX Objects | GitHub Patterns | Accounts Suspended |
|--------|--------------|--------------|-----------------|--------------------|
| Palo Alto Cortex | $50,000 | Proprietary | 0 | 0 |
| Microsoft Defender | $15,000 | Proprietary | 0 | 0 |
| Wiz | $30,000 | None | 0 | 0 |
| DugganUSA | $75 | 407 | 7 | 4 |


Read that again.


Palo Alto: $600,000/year. Zero GitHub supply chain patterns.


Microsoft: $180,000/year. Zero GitHub supply chain patterns.


Wiz: $360,000/year. Zero GitHub supply chain patterns.


DugganUSA: $900/year. Seven patterns. Four accounts suspended. Five C2 servers mapped.




What $75/Month Bought in 10 Days


November 19-29, 2025:



• 12 abuse reports sent to [email protected]

• 30 malicious accounts reported

• 4 accounts confirmed suspended by GitHub

• 5 C2 servers traced across UK, Finland, Seychelles, USA

• 407 STIX objects published (free)

• 264 OTX indicators shared (free)

• 3 VT-confirmed malware samples (RedLine 47/76, Vidar 38/76, Stealc 18/70)


What did Palo Alto Cortex find in GitHub issues last week?


Nothing. They don't look there.




The MITRE Coverage Honesty


Let's be real about where we lose:


| Vendor | MITRE Techniques |
|--------|------------------|
| Microsoft Defender | 350+ |
| Palo Alto Cortex | 200+ |
| Wiz | 150+ |
| DugganUSA | 18 |


Microsoft wins MITRE coverage. Not close.


But here's the thing: Microsoft covers T1566.002 (Spearphishing Link). So do we.


Microsoft doesn't have Pattern 38 (GitHub Sleeper Accounts). We do.


Microsoft doesn't have Pattern 46 (Malware Distribution Hubs). We do.


Microsoft doesn't have Pattern 47 (Cracked Stealer Distribution). We do.


MITRE is a framework, not a finish line. We find things the frameworks haven't named yet.




The C2 Infrastructure They Missed


Five servers. Ten days. One guy with Claude Code.



149.102.156.62  Contabo UK     vmi2910825  PRIMARY C2
158.220.93.201  Contabo UK     vmi2915473  Payload dropper
95.217.39.238   Hetzner FI     (no PTR)    Secondary dropper
196.251.107.94  Seychelles     (no PTR)    Build server
107.167.83.34   IOFLOOD US     Bulletproof hosting


The Contabo VMI numbers are sequential. Same campaign. Same batch provisioning.


The Seychelles IP has no PTR record. The entire /24 block has no PTR. Classic bulletproof hosting.


Palo Alto's threat intel team is 100+ people. They have access to the same VirusTotal data I do. The same WHOIS. The same Shodan.


Why didn't they publish this?


Because their customers pay for proprietary feeds. Publishing would cannibalize revenue.


I publish because I have nothing to protect except my reputation.




The ROI Math



Palo Alto Cortex:

• $50/endpoint/month

• 1,000 endpoints = $600,000/year

• MITRE: 200+ techniques

• GitHub supply chain: Zero



Microsoft Defender:

• $15/user/month (E5 bundle)

• 1,000 users = $180,000/year

• MITRE: 350+ techniques

• GitHub supply chain: Zero



Wiz:

• $30,000/month minimum

• $360,000/year

• Cloud-native only

• GitHub supply chain: Zero



DugganUSA:

• $75/month total

• $900/year

• MITRE: 18 techniques

• GitHub supply chain: Seven patterns, four suspensions, five C2 servers


If you only care about supply chain attacks:


$600,000 ÷ $900 = 666x more expensive for zero coverage


That's not a typo. Palo Alto costs 666 times more and finds nothing in this attack vector.




Why "Visionary" Not "Leader"


Honest assessment of where we sit:



• Novel detection patterns (38-47) nobody else has

• Open data model (STIX 2.1, OTX, public blog)

• Proof of results (4 suspensions, 5 C2 servers)

• 99.85% cheaper ($75 vs $50,000)



• No endpoint agent

• Team of 1 (plus Claude)

• No SOC2/ISO certification (yet)

• Narrow focus (supply chain only)

• 18 MITRE techniques vs 350


The pitch: "We find things the Leaders miss, at 0.15% of the cost, and give away the IOCs for free."




Gartner's Business Model


Gartner Magic Quadrant placement costs $250,000-$500,000.


That's not an analyst opinion. That's a commercial transaction.


Palo Alto pays. They're a Leader.


Microsoft pays. They're a Leader.


Wiz pays. They're a Leader.


I don't pay. I'm not on the quadrant.


But I published five C2 servers this week. What did the Leaders publish?


Press releases about "AI-powered threat detection."




The Uncomfortable Truth


Enterprise security is a protection racket dressed up as a product category.


Palo Alto Cortex: $600,000/year. Proprietary data. No sharing.


Microsoft Defender: $180,000/year. Proprietary data. No sharing.


Wiz: $360,000/year. Proprietary data. No sharing.


DugganUSA: $900/year. STIX feed is free. OTX pulse is free. Blog is free.


The Leaders hoard intelligence to justify subscription fees.


I publish intelligence because hoarding is the problem, not the solution.




Subscribe to the Free Feed


STIX 2.1: `analytics.dugganusa.com/api/v1/stix-feed`


OTX Pulse: `6927d4c1611927c371ffd3cb`


407 objects. 264 indicators. 18 MITRE techniques. 5 C2 servers. 7 patterns.


Free.


Because making the internet slightly less terrible shouldn't cost $600,000/year.
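
One way to consume a STIX 2.1 feed like this defensively, as an added example that is not DugganUSA's own code: it assumes the endpoint returns a standard STIX 2.1 bundle of indicator objects. The sample bundle is constructed (its public IPs are taken from the C2 list above) and `blockable_ipv4` is a hypothetical helper name.

```python
import ipaddress
import json
import re

def _indicator(n, pattern, **extra):
    """Build one constructed STIX 2.1 indicator object for the sample bundle."""
    return {"type": "indicator", "spec_version": "2.1",
            "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
            "pattern_type": "stix", "pattern": pattern,
            "valid_from": "2025-11-19T00:00:00Z", **extra}

# Constructed sample, not real feed output. The three public IPs are from the C2 list above.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        _indicator(1, "[ipv4-addr:value = '149.102.156.62']"),
        # Compound pattern: one public address, one RFC 1918 address, one malformed value.
        _indicator(2, "[ipv4-addr:value = '158.220.93.201'] OR "
                      "[ipv4-addr:value = '10.0.0.5'] OR [ipv4-addr:value = '999.1.1.1']"),
        _indicator(3, "[ipv4-addr:value = '95.217.39.238']", revoked=True),
        _indicator(4, "rule constructed_example { condition: false }", pattern_type="yara"),
        {"type": "malware", "spec_version": "2.1", "name": "constructed-sample",
         "id": "malware--00000000-0000-4000-8000-000000000005", "is_family": False},
    ],
})

IPV4_TERM = re.compile(r"ipv4-addr:value\s*=\s*'([^']+)'")

def blockable_ipv4(bundle_json):
    """Return sorted public IPv4 addresses from active STIX-pattern indicators."""
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    found = set()
    for obj in bundle.get("objects", []):
        # Skip non-indicators, withdrawn indicators and non-STIX pattern languages.
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if obj.get("pattern_type") != "stix":
            continue
        for value in IPV4_TERM.findall(obj.get("pattern", "")):
            try:
                addr = ipaddress.IPv4Address(value)  # rejects malformed values and CIDR
            except ValueError:
                continue
            # An external feed must never be able to block private or reserved ranges.
            if addr.is_global:
                found.add(addr)
    return [str(a) for a in sorted(found)]
```

Filtering on `is_global` and `revoked` before anything reaches a firewall or DNS blocklist keeps a third-party feed from blocking internal address space or re-adding indicators the publisher has withdrawn.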




*Unlike Gartner, this analysis was not sponsored by anyone. The quadrant placement is based on results, not revenue.*

