Databricks to Acquire Panther, Advancing AI-Powered Security Operations
The deal aims to replace legacy SIEM systems with agentic detection and response built on a unified security lakehouse architecture.

Databricks has announced its intent to acquire Panther, an AI-powered security operations center (SOC) platform, in a move designed to accelerate the company's push into enterprise security software. The acquisition targets a fundamental shift away from legacy security information and event management (SIEM) systems toward what Databricks calls the "security lakehouse"—a unified architecture that combines security, IT, and business data with AI-driven threat detection and response capabilities.
According to details first reported by Databricks, Panther brings more than 100 pre-built data integrations, detection-as-code capabilities, and automated investigation workflows that can operate at scale without manual intervention. The platform is already used by security teams at organizations including Anthropic, where it supports security operations for frontier AI development.
Why it matters
Traditional SIEM platforms struggle with the volume and velocity of modern security data, forcing organizations to analyze only a fraction of available telemetry due to cost and complexity constraints. As attackers increasingly deploy AI agents to identify vulnerabilities and launch coordinated attacks across cloud, SaaS, and AI infrastructure, security teams face a widening capability gap. Databricks' acquisition of Panther represents a bet that the future of enterprise security operations lies in AI agents that can automatically triage alerts, investigate threats, and recommend responses—capabilities that legacy systems were never designed to support.
Addressing the SIEM replacement market
Databricks Co-founder and CEO Ali Ghodsi framed the acquisition as part of a broader strategy to disrupt the established SIEM market. "Legacy SIEM was never designed for AI," Ghodsi stated, noting that Databricks already has the trust of 70% of the Fortune 500 for data and AI workloads. The company introduced Lakewatch earlier this year as its security lakehouse platform, designed to ingest and analyze unprecedented volumes of unstructured security data while reducing total cost of ownership compared to traditional SIEM deployments.
Panther's architecture aligns with this vision by eliminating the complex data mapping and limited retention windows that characterize legacy systems. The platform's detection-as-code approach allows security teams to programmatically define and update threat detection rules, a capability that Anthropic's Head of Defense Tim Nguyen described as essential for teams that need to "adapt quickly as our environment evolves."
Building on recent security investments
The Panther acquisition marks Databricks' third security-focused deal, following its acquisitions of Antimatter and SiftD.ai. Jack Naglieri, Founder and CEO of Panther, previously led the open source StreamAlert project at Airbnb before building Panther as a cloud-native SIEM and AI SOC platform. His team of engineers and former SOC analysts will join Databricks' expanding security product organization.
The combined offering will embed AI agents directly into core SOC workflows, enabling automatic alert triage, context gathering, and response recommendations. Databricks positions this agentic approach as necessary to match the speed and scale of AI-driven attacks, which can now identify and exploit vulnerabilities faster than human-led defenses can respond.
The proposed acquisition remains subject to customary closing conditions and regulatory clearances. Databricks disclosed the agreement at its Data + AI Summit in San Francisco, where the company detailed its broader security lakehouse roadmap.
Details of the acquisition were announced by Databricks in a press release.
This is an original analysis by the Omega editorial team. Source reporting: AI Watch.