The pioneer of the Data and AI category, Databricks, has officially entered the cybersecurity space with the launch of Lakewatch, its “Agentic SIEM” (Security Information and Event Management) solution, built to help organizations defend against the rising tide of sophisticated “agent” attacks powered by AI. Lakewatch is designed to unite security, IT, and business telemetry into a governed data environment.
Bridging the Defensive Gap at Machine Speed
Modern cyber attacks are too quick and sophisticated for traditional, human-based defense mechanisms. Attackers now use automated tools to constantly scan for vulnerabilities and launch attacks faster than humans can react. Defenders, on the other hand, are often held back by scattered data and very high data-loading costs, which in many cases lead them to throw away up to 75% of their security logs.
To fix this imbalance, Lakewatch uses an open-security lakehouse architecture. This lets organizations retain and analyze years of different kinds of data, including video and audio, to detect anything from social engineering to internal anomalies, without the worry of being tied to a vendor or dealing with high costs.
“Security teams can no longer rely on manual workflows to outpace AI-driven attacks,” said Ali Ghodsi, Co-Founder and CEO of Databricks. “With Lakewatch, we are giving enterprises a new open data architecture and agentic capabilities to replace stagnating SIEM tools. Defenders must have even better visibility and speed than today’s agent attackers.”
Strategic Acquisitions and Ecosystem Expansion
To accelerate its security roadmap, Databricks also announced the strategic acquisitions of Antimatter and SiftD.ai.
Antimatter, founded by security researchers from UC Berkeley, provides the framework for secure authentication within AI agent environments.
SiftD.ai, led by the original architects of Splunk’s search stack, brings unparalleled expertise in large-scale threat analytics and detection engineering.
Furthermore, Databricks is deepening its technical alliance with Anthropic. The partnership integrates Claude’s advanced reasoning capabilities directly into Lakewatch, enabling the platform to correlate complex signals and surface threats with higher precision.
Enterprise-Grade Security for the AI Era
Lakewatch is already gaining traction among global leaders, including Adobe and Dropbox, as they look to move security intelligence closer to their core data.
“Databricks provides the foundation needed to move from data-driven to AI-driven approaches for security operations, and Lakewatch is an important step toward bringing security intelligence closer to where data already lives,” noted industry stakeholders regarding the launch.
Key Features of Lakewatch Include:
Agentic Automation: “Swarms” of AI agents that automate the detection, triage, and hunting of threats.
Petabyte-Scale Economics: By decoupling storage from compute, Lakewatch can reduce the Total Cost of Ownership (TCO) by up to 80% compared to legacy SIEMs.
Detection-as-Code: Sophisticated version-controlled defense mechanisms that treat security protocols with the rigor of software engineering.
Unified Governance: Full compliance and policy enforcement powered by the Databricks Unity Catalog, ensuring data remains secure and auditable.


