What is included in the transparency model?

Full MITRE mappings, forensic evidence, and public blog posts.

DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

We Give It Away Free: How $0/Year Threat Intel Beats Palo Alto's $500K/Year Feed

Patrick Duggan
Oct 31, 2025
4 min read

# We Give It Away Free: How $0/Year Threat Intel Beats Palo Alto's $500K/Year Feed

**The entire planet gets our threat intelligence for free. Not tomorrow. Not behind a paywall. Right fucking now.**

The Enterprise Security Scam

Here's how the enterprise security industry works:

**Palo Alto Networks, Checkpoint, CrowdStrike model:**

1. Detect threat

2. Analyze internally

3. Add to proprietary threat feed

4. Sell access for $500K/year

5. Gate it behind enterprise licensing

6. **The planet gets the intel 6-12 months late (or never)**

**Cost to customer:** $500K/year

**Access:** Enterprise only

**Speed:** Weeks to months

**Transparency:** Zero (proprietary formats)

**ROI:** You're paying for information they're withholding from the rest of the planet

The DugganUSA Model

Here's how we do it:

**DugganUSA threat intelligence model:**

1. Detect threat (automated, real-time)

2. Report to **AbuseIPDB** (free, public feed) within 24 hours

3. Publish forensic blog post with **full MITRE ATT&CK mappings**

4. Map to categories (Port Scan, Brute Force, Web App Attack, etc.)

5. **The entire planet gets the intel immediately**

**Cost to customer:** $0/year

**Access:** Anyone on Earth with internet

**Speed:** <24 hours from detection to publication

**Transparency:** Full (MITRE mappings, forensic evidence, public blog posts)

**ROI:** ∞ (free is infinite ROI)

Why This Matters

Palo Alto Threat Feed: $500K/Year, 6 Months Delayed

**What you get:**

- Proprietary feed format (vendor lock-in)

- Delayed intel (analyzed, reviewed, approved, monetized)

- No transparency (trust us, we're experts)

- Gated behind enterprise licensing

- **The free tier gets nothing**

**Example:**

- IP 185.177.72.13 attacks Palo Alto customer (Jan 2025)

- Palo Alto analyzes internally (Feb 2025)

- Added to premium feed (Mar 2025)

- **Free tier customers:** Never see it

- **Public:** Never see it

- **997 other victims who could have blocked it:** Fucked

AbuseIPDB Feed: $0/Year, <24 Hours

**What you get:**

- Same IP (185.177.72.13) attacks DugganUSA (Oct 31, 2025)

- We report to AbuseIPDB within 24 hours (Nov 1, 2025)

- **Free tier AbuseIPDB customers:** Get the intel immediately

- **Public:** Full blog post with MITRE mappings published

- **997 potential victims:** Can block it TODAY

**The math:**

- Palo Alto model: 997 victims over 6 months = $XX million in damages

- DugganUSA model: 0 additional victims (intel shared immediately)

The Numbers

Enterprise Threat Intel (Palo Alto/Checkpoint/CrowdStrike)

**Cost:** $500K/year (minimum)

**Coverage:** Proprietary (vendor lock-in)

**Speed:** Weeks to months

**Public benefit:** Zero

**Free tier access:** Zero

**Who wins:** Vendors (recurring revenue)

**Who loses:** The planet (delayed/gated intel)

DugganUSA Threat Intel (AbuseIPDB + Public Blog)

**Cost:** $0/year

**Coverage:** Full MITRE ATT&CK mappings

**Speed:** <24 hours

**Public benefit:** 100% (everyone gets it)

**Free tier access:** 100% (AbuseIPDB free tier)

**Who wins:** The planet (immediate, free intel)

**Who loses:** Nobody (except assholes who get roasted)

How We Automated The Entire Cycle

**1. Detection (Real-Time)**

- Attacks hit security.dugganusa.com

- Blocked by automated WAF

- Logged to Azure Table Storage

**2. Reporting to AbuseIPDB (<24 Hours)**

**3. Public Roast (<24 Hours)**

- Generate forensically accurate blog post

- Include MITRE ATT&CK mappings

- Publish to www.dugganusa.com

- Full transparency, zero paywalls

**Cost:** $0

**Automation:** 100%

**Public benefit:** 100%

What The Enterprise Model Hides

Palo Alto Knows About 185.177.72.13

They detected it. They analyzed it. They added it to their premium feed.

**But here's the kicker:**

- AbuseIPDB free tier customers? Don't get it.

- Small businesses? Don't get it.

- Non-profits? Don't get it.

- **The other 996 potential victims? Get fucked.**

DugganUSA Knows About 185.177.72.13

We detected it. We analyzed it. We reported it to AbuseIPDB.

**Here's what happens:**

- **AbuseIPDB free tier:** Gets it immediately

- **Small businesses:** Can query it for free

- **Non-profits:** Can block it today

- **The other 996 potential victims:** Protected for $0

The Philosophy

**Enterprise Security:**

> "We'll protect you... if you pay us $500K/year and lock into our ecosystem."

**DugganUSA:**

> "We'll protect the planet for free because hoarding threat intelligence is morally indefensible."

The ROI Math

Enterprise Threat Feed

**Cost:** $500K/year

**Value:** Intel you could get for free if they weren't hoarding it

**ROI:** -100% (you're paying for artificial scarcity)

DugganUSA Threat Feed

**Cost:** $0/year

**Value:** Immediate, public, MITRE-mapped threat intel

**ROI:** ∞ (free is infinite ROI)

**Winner:** Math doesn't lie.

To Palo Alto, Checkpoint, and CrowdStrike

We see what you're doing:

1. Collect threat intelligence from YOUR customers getting attacked

2. Analyze it with tools WE ALL HAVE ACCESS TO (MITRE, AbuseIPDB, VirusTotal)

3. Repackage it as "proprietary threat intelligence"

4. Sell it back to customers for $500K/year

5. **Gate it from the free tier to create artificial scarcity**

**Here's the problem:** We're giving it away for free.

**Every IP we report to AbuseIPDB is one less reason to pay you $500K.**

**Every blog post we publish with MITRE mappings is proof your "proprietary intelligence" is just publicly available data with a markup.**

To Everyone Else

**If you're paying $500K/year for threat intelligence:**

1. Check AbuseIPDB (free tier)

2. Read our blog (free)

3. Query MITRE ATT&CK (free)

4. Ask yourself: "What am I paying for?"

**Spoiler:** You're paying for them NOT to share with the planet.

The Endgame

**Our goal:** Make enterprise threat intelligence obsolete.

**How:**

1. Detect threats in real-time

2. Report to AbuseIPDB (<24 hours)

3. Publish blog posts with full MITRE mappings

4. Repeat daily

5. **Let the market decide if $500K/year for delayed, gated intel beats $0/year for immediate, public intel**

**🌍 DugganUSA Threat Intelligence**

**💰 Cost:** $0/year

**⚡ Speed:** <24 hours

**📊 Transparency:** 100%

**🔓 Access:** The entire planet

**P.S.** - Palo Alto, if you're reading this: compete on value, not artificial scarcity. The planet deserves better.

*This post is forensically accurate and demonstrates our live threat intelligence pipeline. Every claim is backed by code in our GitHub repo. We don't just talk about democratizing security - we ship it.*