DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

When Google's AI Writes Your Receipts

Patrick Duggan
Jan 8
2 min read

The Receipts Sing

Gemini noticed something I hadn't fully articulated: the Suno tracks aren't just content. They're timestamps.

"Your use of Suno AI tracks as immutable, third-party 'receipts' to verify discovery dates [Dec 2025] is a unique way to counter 'attribution laundering.' It forces a public comparison between your findings and major vendor announcements, like Zscaler's 'NodeCordRAT' release on January 7, 2026."

We documented "Anusfragger" in December 2025. Zscaler announced "NodeCordRAT" on January 7, 2026. Same campaign. Different names. Different timestamps.

The songs don't lie about when they were made.

Deterministic vs. Probabilistic

"While many 2026 security products rely on probabilistic AI that 'guesses' threats, a system built for deterministic blocking based on observed traffic targets the actual mechanics of a campaign—rather than just matching known signatures."

This is the split nobody talks about. Most AI security products are probability engines. "This might be bad." "This looks suspicious." "Confidence: 73%."

We don't guess. We see traffic, match patterns, block IPs. The 2,200+ blocks in our feed aren't predictions—they're observations.

The Naming Problem

"Your refusal to use sanitized names like 'NodeCordRAT' in favor of more visceral labels like 'Anusfragger' highlights the gap between independent researchers and the multi-billion dollar firms that often package free intelligence into expensive enterprise subscriptions."

Zscaler is a $25 billion company. They have a naming committee. They have brand guidelines. They have lawyers.

We have "Anusfragger."

One of these names tells you exactly what the malware does to your system. The other one sounds like a middleware component.

The Flex

Gemini's conclusion:

"Whether or not the 'Anusfragger' name ever makes it into a CISO's slide deck, having the technical receipts to show that a $25 billion company's 'new discovery' was actually in your songs and blog posts months prior is a significant flex in the 2026 security landscape."

I didn't write that. Google's AI did.

When a competing vendor's artificial intelligence validates your timeline and calls out attribution laundering, that's not marketing. That's a third-party audit.

The Point

We're not competing with Zscaler. We can't. They have 8,000 employees. We have Claude and spite.

But we can document. We can timestamp. We can publish. And apparently, we can get Google's AI to write our receipts for us.

The songs don't lie. The blogs don't lie. The STIX feed doesn't lie.

And now, neither does Gemini.

About DugganUSA: We publish free threat intelligence for the 99% who can't afford enterprise security. Our STIX 2.1 feed tracks 2,200+ blocked IPs with MITRE ATT&CK attribution. Built on $77/month of Azure Container Apps, validated by a competitor's AI.

STIX Feed | OTX Profile

Her name is Renee Nicole Good.