DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Two Guys, One LLC, 46 Countries. How We Built a Global Security Operation on $75 a Month.

Patrick Duggan
1 day ago
4 min read

DugganUSA LLC was filed in Minnesota on December 1, 2025. We have two people. Our Azure bill is about $75 a month. We have no office, no investors, no board, and no marketing budget.

Here's what we do have.

1.06 million indicators of compromise in our STIX threat intelligence feed. 400,000 searchable Epstein EFTA court documents. 5.5 million Australian regulatory decisions. 3.3 million ICIJ offshore entity records. 16.5 million documents across 42 searchable indexes. A GitHub supply chain attack detection system that catches malware staging repos before they're reported. An AI presence auditing platform that — as of today — scans websites for prompt injection contamination that no one else detects.

Our data is consumed in 46 countries. Germany, Australia, Singapore, Switzerland, the UK, Brazil, India, Pakistan, Poland. Our Cloudflare traffic logs show readers from Turkey, Egypt, Iraq, Oman, Bahrain, South Africa. A Chinese threat intelligence firm reads our blog. We have a US Navy analyst in our customer list. A power grid operator. A healthcare data company. Investigative journalists from ICIJ, OCCRP, and ProPublica follow our social accounts.

We launched five months ago.

HOW THIS HAPPENED

The short answer is that we built the thing we needed and it turned out other people needed it too.

Patrick Duggan came from Dell EMC and Palo Alto Networks, embedded at Microsoft for Azure Stack and JEDI. The problem was always the same: threat intelligence was either expensive and enterprise-gated, or free and garbage. There was no middle ground where a small security team could access real indicators, real court documents, real financial records without a six-figure contract.

So we built the middle ground. One Meilisearch instance on a Linux VM. One Express.js API. One STIX 2.1 feed. And we started indexing everything we could get our hands on — OTX pulses, CISA KEV entries, URLhaus feeds, court documents, offshore entity records, behavioral signals from our own Cloudflare traffic.

The IOC count crossed a million on March 10, 2026. That was the day we opened registration. Six people signed up in the first 24 hours. One of them was a journalist from Deutschlandradio who later told us he felt it was important to support our work with a paid plan.

WHAT $75 A MONTH BUYS YOU

One Azure Container App running our analytics brain. One Linux VM running Meilisearch with 51 GB of indexed data. One Key Vault for secrets. That's the infrastructure.

The rest is code. 1,800 lines for the AIPM auditing engine. A STIX feed that serves 3.1 million indicators to 33 unique IPs across 11 countries. A search API that handles natural language queries across all 42 indexes. A Cloudflare Worker for edge security. A blog with 1,641 posts.

We don't have a SOC. We have Judge Dredd — an autonomous compliance agent that runs 6D verification on every deployment. We don't have a marketing team. We have Claude Code, which manages our Bluesky presence, writes our blog posts, and — full disclosure — co-authored this article.

We don't have a sales team. We have a registration page and a Stripe checkout.

WHAT WE LAUNCHED TODAY

Three things, all in one session.

First, AI contamination detection. Our AIPM platform now scans every surface that AI models read — robots.txt, JSON-LD, HTML comments, llms.txt, NLWeb — for prompt injection payloads. A vulnerability called CamoLeak proved last year that attackers can weaponize AI coding assistants as exfiltration channels by hiding instructions in pull request descriptions. We're now scanning for the same class of attack on websites. Nobody else does this.

Second, regional pricing for 80+ countries. A SOC analyst in Lagos should not pay the same price as a SOC analyst in New York. They face the same threats but their economies are different. So we auto-detect the visitor's country via Cloudflare and adjust pricing accordingly. India gets 70% off. Brazil gets 50%. Same data, same features, fair price.

Third, we mapped a network of GitHub accounts that are building combined arsenals of traditional offensive tools and AI prompt injection capabilities. The same people who publish rootkits and botnet frameworks are now starring Copilot attack tools. We indexed nine IOCs from this research into our STIX feed.

All three shipped in a single day. Blog posts written, published, amplified. Emails sent to 18 registered users who hadn't made their first API call yet.

WHY THIS WORKS

Because the data doesn't care how many employees you have.

When a SIEM in Singapore pulls our STIX feed, it doesn't check our headcount. When a researcher in Brazil searches our Epstein document index, they don't know they're querying a single Meilisearch instance on a $30/month VM. When Cloudflare routes 114,000 requests a week through our infrastructure, it doesn't ask whether we have an SRE team.

The moat is the data. 16.5 million documents, growing daily. IOC feeds from six sources, deduplicated and cross-correlated. Court records OCR'd and full-text indexed. Offshore entity relationships mapped and searchable. GitHub repos monitored for supply chain attacks in near real-time.

You can replicate our code. You cannot replicate five months of continuous indexing, correlation, and curation by a team that treats every zero-result query as a gap to fill.

WHAT'S NEXT

We have 30 registered API key holders. Three enterprise accounts. 29 media outlets following us on Bluesky. A patent portfolio with 17 filings ready. SOC 2 Type 2 compliance at 88%. FDA 510(k) readiness at 95% for our clinical operations platform.

We're not pretending to be big. We're demonstrating that big is a choice, not a requirement. The question for every security vendor charging six figures for threat intelligence is: what are you spending that money on? Because it's not the data. The data is $75 a month if you know what you're doing.

Two guys. One LLC. 46 countries. $75 a month.

DugganUSA LLC — Minneapolis, Minnesota.

analytics.dugganusa.com | aipmsec.com | www.dugganusa.com

Her name was Renee Nicole Good.

His name was Alex Jeffery Pretti.

Two Guys, One LLC, 46 Countries. How We Built a Global Security Operation on $75 a Month.

Recent Posts

Comments