Databricks Moves to Buy Panther as AI Reshapes the Security Operations Center

Databricks is moving deeper into cybersecurity with plans to acquire Panther, an AI-focused security operations platform built around detection-as-code, cloud-native telemetry, and automated SOC workflows.

The deal would strengthen Databricks’ push into what it calls the security lakehouse, a model meant to challenge traditional SIEM platforms by bringing security, IT, cloud, identity, and business data into one governed analytics environment. The company’s thesis is straightforward: as attackers use AI to accelerate reconnaissance, vulnerability discovery, and intrusion paths, defenders need systems that can analyze far more data and automate more of the investigation process.

“Legacy SIEM was never designed for AI,” said Ali Ghodsi, Co‑founder and CEO of Databricks. “Databricks, which has the trust of 70% of the Fortune 500 in data and AI, is doubling down on Lakewatch and our security lakehouse vision. With Panther, we enhance and expand our ability to analyze all data and automate SOC workflows. Together, we can offer the best platform to help defend the world against agentic attacks.”

Panther has built its reputation with security teams that want programmable detection and response at cloud scale. Its platform includes more than 100 prebuilt integrations across cloud infrastructure, identity systems, endpoint tools, networks, and SaaS applications. It also leans heavily on detection-as-code, allowing security teams to write, test, and manage rules more like software.

That approach has appealed to AI-native companies, including Anthropic, where security operations must adapt quickly to fast-moving engineering environments.

"Building frontier AI requires security operations that are programmable and deeply integrated with the way modern engineering teams work,” said Tim Nguyen, Head of Defense at Anthropic. “Panther has helped us bring a software engineering approach to detection and response, giving our team the flexibility to adapt quickly as our environment evolves."

The acquisition follows Databricks’ launch of Lakewatch earlier this year. Lakewatch was designed to help customers centralize security data in the lakehouse, retain larger volumes of telemetry, reduce SIEM cost pressure, and use AI agents for detection, triage, and response.

For security teams, the stakes are rising. Legacy SIEM tools often force organizations to limit what data they ingest because of cost and complexity. That can leave blind spots across cloud services, SaaS applications, identity providers, and AI systems. At the same time, SOC analysts are still buried under manual work, from tuning detections to investigating alerts.

Panther’s technology gives Databricks a more complete SOC layer on top of its data and AI infrastructure. The combined platform is expected to use AI agents to help triage alerts, collect context, recommend response actions, and support broader security investigations.

“We are thrilled to join Databricks and help accelerate the security lakehouse vision,” said Jack Naglieri, Founder and CEO of Panther. “The SOC is at an inflection point: AI is changing how attacks are launched and defenders can now finally keep pace with them. Together with Databricks, we can arm defenders with sophisticated agents that scale detection, investigation, and response.”

The Panther deal is Databricks’ third announced security acquisition, signaling that the company sees cybersecurity as a major growth area for its lakehouse platform. It also reflects a broader market shift: security vendors are racing to reframe SIEM, SOC automation, and threat detection around AI agents and large-scale data platforms.

If Databricks can successfully integrate Panther into Lakewatch, it could give security teams a way to move beyond alert management and toward a more automated, data-rich model for defending cloud and AI environments. That will matter as attackers increasingly use the same AI-driven speed and scale that enterprises are now trying to harness for defense.