Decoding the world of cybersecurity

Databricks deal pushes security lakehouse model

Databricks has agreed to acquire Panther, extending its push into security operations as AI, data scale, and SIEM costs reshape enterprise detection and response.

Databricks deal pushes security lakehouse model
Summary
  • Databricks has agreed to acquire Panther, an AI SOC and security operations platform.
  • The company says the deal will support its security lakehouse strategy and expand detection, investigation, and response workflows.
  • The move reflects consolidation around security data, AI-assisted operations, SIEM replacement pressure, and procurement choices for enterprise SOCs.

Databricks has agreed to acquire Panther, extending its push into cybersecurity and adding to market pressure around security data platforms, AI-assisted operations, and legacy SIEM replacement.

The company said the proposed acquisition will support its security lakehouse strategy by combining Databricks’ data and AI platform with Panther’s AI SOC capabilities. Panther provides more than 100 out-of-the-box data integrations, detection-as-code workflows, and automated threat investigation capabilities. Databricks said the deal is subject to customary closing conditions, including any required regulatory clearances.

The acquisition plan points to a broader change in security operations. Enterprise SOCs are struggling with rising telemetry volumes, expensive data ingestion, fragmented tools, and pressure to detect threats across cloud, identity, SaaS, endpoint, network, and AI environments. The economic and operational model of the SIEM is under strain.

Databricks is building the case for a lakehouse as a security data foundation, using governed data architecture and AI to support detection and response. Panther brings a cloud-native SIEM and AI SOC platform built around detection-as-code and programmable workflows. Together, the companies are aiming at customers that want broader data ingestion, automated investigation, and less dependence on closed legacy SIEM stacks.

The approach will be judged in customer environments. Moving security operations onto a broader data platform can bring flexibility, cost control, and richer analytics. It can also create governance, integration, and accountability demands. Security data is among the most sensitive data an organisation holds. Logs can reveal user behaviour, internal systems, business processes, administrator activity, incidents, and weaknesses. Combining that data with AI workflows increases the need for access control, retention policy, auditability, and clear operational ownership.

The deal also reflects how AI is changing security procurement. Vendors are no longer only selling detection rules or dashboards. They are selling automated triage, assisted investigation, agentic workflows, and the ability to reason over large volumes of telemetry. That can reduce analyst workload, while requiring careful control over false positives, missed signals, explainability, and automated response actions.

European enterprises will also view the deal through resilience and outsourcing requirements. DORA, NIS2, and sector-specific rules are increasing pressure to understand third-party technology dependency, operational continuity, and data location. A security data platform can become a critical dependency when it holds telemetry pipelines, detection logic, incident context, and response workflows.

The acquisition fits a wider pattern in which data, cloud, and AI companies are moving deeper into security. Security telemetry is valuable not only for alerts but for governance, compliance, risk analytics, and AI-assisted automation. The SOC is becoming part of wider enterprise data architecture rather than a separate tooling island.

The opportunity is stronger visibility, broader analysis, and faster investigation. The constraint is that a new platform does not resolve weak data quality, poor asset inventory, unmanaged cloud accounts, or unclear incident processes. AI agents and detection workflows still depend on the telemetry and governance beneath them.

Databricks’ Panther deal signals where enterprise security operations are heading: towards platforms that combine data scale, AI assistance, and operational workflows. Buyers will need to decide how much control, portability, and assurance they retain as critical security functions move into larger data ecosystems.

×