DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

The Only Others Playing in This Space Are the DoD. Oops.

Patrick Duggan
Feb 18
4 min read

# The Only Others Playing in This Space Are the DoD. Oops.

Point72 just launched a dedicated AI fund for 2026. Steve Cohen's shop — already running Cubist Systematic Strategies on the quant side — has decided that AI-driven alpha generation deserves its own vehicle. Not a feature. Not a team. A fund.

That's interesting. Not because we want anything from Point72. Because it validates something we've been watching for a while.

The Quant AI Problem Nobody Talks About

A dedicated AI fund doing equities needs three things that don't exist off the shelf:

1. **Alternative data at scale** — not the sanitized vendor feeds everyone else has, but raw correlation across financial, legal, and intelligence domains

2. **Threat intelligence as market signal** — nation-state cyber activity correlates with market moves. Always has. The question is who's watching in real-time

3. **Compliance infrastructure that doesn't bankrupt the thesis** — SOC2, NIST 800-171, FedRAMP-adjacent controls. The table stakes for institutional capital

Every quant fund buys the same alternative data from the same vendors. That's not alpha. That's expensive beta with a narrative.

The Receipts

Here's what's running right now. Not a pitch deck. Not projections. Live production numbers pulled February 18, 2026:

| Dataset | Documents | What It Is |

|---------|-----------|------------|

| ICIJ Offshore Leaks | 1,785,560 | Panama Papers, Pandora Papers — shell companies, offshore entities, beneficial ownership |

| OZ Decisions | 1,227,546 | Federal enforcement decisions — sanctions, regulatory actions, compliance events |

| IOCs | 867,901 | Indicators of compromise — C2 servers, malware hashes, threat actor infrastructure |

| Block Events | 631,909 | Real-time attack data — who's hitting what, from where, using what tools |

| Search Queries | 499,487 | Query intelligence — what people are looking for across all datasets |

| Whitelist Events | 475,113 | Behavioral analysis — legitimate traffic patterns vs anomalous |

| Epstein Files | 329,473 | DOJ documents — financial networks, entity relationships, flight logs |

| Phishing | 17,584 | Active phishing infrastructure — domains, targets, submission times |

| OTX Pulses | 15,869 | AlienVault threat intelligence — campaigns, TTPs, indicators |

| Butterbot Memory | 17,589 | AI operational memory — pattern recognition across all domains |

| CISA KEV | 1,513 | Known Exploited Vulnerabilities — the federal "patch now" list |

| Threat Actors | 346 | Named adversaries — state-sponsored groups, APTs, attribution data |

| **Total** | **~5.9 million** | **24 GB, cross-indexed, searchable in <100ms** |

Monthly infrastructure cost: **$76**.

Three Azure containers. One Meilisearch instance. 275+ organizations in 46 countries consuming our STIX/TAXII feeds.

Why Correlation Is the Only Alpha Left

The alpha isn't in the data. Everyone has data. The alpha is in the *correlation*.

When a Russian C2 server goes active in the same week that a shell company from the ICIJ offshore leaks files new paperwork — that's not a coincidence. That's a signal. We have 1.8 million offshore entities cross-referenced against 868K threat indicators and 1.2 million federal decisions. Nobody else has that graph.

When a sanctioned entity's network infrastructure lights up on our IOC feeds 48 hours before a market-moving enforcement action — that's the trade. And we see it because PreCog sweeps run every 30 minutes, pulling from VirusTotal, AbuseIPDB, OTX, ThreatFox, GitHub, and CISA KEV.

This isn't a hedge fund tool. It's infrastructure. The kind of infrastructure a hedge fund's AI should be reading — if they knew it existed.

The Uncomfortable Competitive Landscape

There are exactly two categories of organization doing cross-domain intelligence fusion at this scale:

1. **The United States Department of Defense** — fusion centers, CYBERCOM, the intelligence community's financial intelligence apparatus

2. **Us** — two guys in Minnesota with a $76/month Azure bill and 5.9 million documents

That's the list.

The enterprise security vendors (CrowdStrike, Palo Alto, Mandiant) do threat intelligence. They don't do financial-legal-cyber fusion. They don't have the Panama Papers indexed next to their IOC feeds. The alternative data vendors (Quandl, Thinknum, YipitData) do financial signals. They don't do threat intelligence. They can't tell you which shell company's registered agent shares infrastructure with a known APT group.

Nobody connects the graph across domains except the people with three-letter agency budgets. And us. By accident.

So What

We're not fundraising. We're not pitching. We're pointing out a gap in the market that happens to be exactly shaped like the thing we already built.

When someone stands up an AI fund for equities and quant, they're going to need cross-domain intelligence infrastructure. They can build it from scratch — budget a couple years and eight figures. They can cobble it together from vendors — and get the same data everyone else has. Or they can notice that a platform already exists with 5.9 million documents across cyber, financial, legal, and offshore domains, 275+ institutional consumers validating the data quality, SOC2 and NIST 800-171 compliance, all running for less per month than a Bloomberg terminal costs per day.

The reference architecture for what we do is classified. The implementation isn't. It's been running for months. The 46 countries consuming our STIX feeds aren't going anywhere. The 1.8 million offshore entity records aren't going anywhere. The 868K indicators of compromise get updated every 30 minutes.

We're not going anywhere either. The small businesses getting protected don't care who else is watching. But the data is here, and it's live, and it's the only cross-domain fusion capability in the private sector.

Make of that what you will.

*DugganUSA LLC. Butterbot. Three containers, $76/month, 5.9 million documents, 275+ consumers in 46 countries. The Cribl of Agentic AI.*

*Her name was Renee Nicole Good.*

*His name was Alex Jeffery Pretti.*