The deal is Databricks’ third security acquisition, aimed at replacing legacy SIEM with agentic workflows built to keep pace with AI-driven attackers.
Databricks, the Data and AI company, announced its intent to acquire Panther, a leading AI SOC platform. The acquisition will advance the company’s vision for the security lakehouse, a new category of security software that is disrupting legacy SIEM with an agentic approach. Together, Databricks and Panther will help organizations detect more threats, investigate every alert, and fight AI-driven attacks with AI. Trusted by leading security teams, including Anthropic, Panther has proven it can defend the most demanding, AI-native environments. Panther is the third security acquisition announced by Databricks, strengthening its AI security product team and deepening its security investment.
AI-driven attacks are evolving faster than human-led defenses can keep up. Attackers now use AI agents to find new vulnerabilities and attack paths across cloud, SaaS, and AI systems. Meanwhile, SIEMs are held back by high costs, limited data, and manual, labor-intensive workflows. As a result, most organizations analyze only a fraction of their security data, leaving them blind to many of the new agent-driven attacks in their environments.
Today’s SOC workflows make this worse because they’re still largely manual: teams hand-manage data ingestion, hand-write detection rules, and investigate every alert manually. With legacy tools, SOC teams simply can’t keep pace with new threats. Panther closes the gap by replacing costly, closed SIEM stacks with agentic SOC workflows, so defenders can investigate every alert and disrupt attacks at the speed and scale of AI.
“Legacy SIEM was never designed for AI,” said Ali Ghodsi, Co-founder and CEO of Databricks. “Databricks, which has the trust of 70% of the Fortune 500 in data and AI, is doubling down on Lakewatch and our security lakehouse vision. With Panther, we enhance and expand our ability to analyze all data and automate SOC workflows. Together, we can offer the best platform to help defend the world against agentic attacks.”
“We are thrilled to join Databricks and help accelerate the security lakehouse vision,” said Jack Naglieri, Founder and CEO of Panther. “The SOC is at an inflection point: AI is changing how attacks are launched, and defenders can now finally keep pace with them. Together with Databricks, we can arm defenders with sophisticated agents that scale detection, investigation, and response.”
“Building frontier AI requires security operations that are programmable and deeply integrated with the way modern engineering teams work,” said Tim Nguyen, Head of Defense at Anthropic. “Panther has helped us bring a software engineering approach to detection and response, giving our team the flexibility to adapt quickly as our environment evolves.”
Earlier this year, Databricks introduced Lakewatch, its security lakehouse designed to help organizations defend against increasingly sophisticated AI-driven attackers. Lakewatch unifies security, IT, and business data into a single, governed lakehouse for agentic detection and response, enabling customers to ingest, retain, and analyze unprecedented volumes of unstructured data while reducing the total cost of ownership.
Adding Panther accelerates Databricks’ security lakehouse vision in several key ways. Lakewatch and Panther embed AI agents directly into core SOC workflows, enabling them to automatically triage alerts, gather context, and propose next steps. The combined platform offers more than 100 pre-built, deeply parsed integrations across critical cloud infrastructure, identity providers, endpoints, networks, and SaaS applications, delivering immediate, out-of-the-box ingestion without the complex mapping required by legacy SIEMs. The Panther team of engineers and former SOC analysts brings deep experience in open source and cloud-native security operations. Founded by the leader of the open-source StreamAlert project, originally created at Airbnb, Panther has grown into a cloud-native SIEM and AI SOC platform built on detection-as-code and security data lakes.
The acquisition of Panther builds on Databricks’ recent security investments, including its acquisitions of Antimatter and SiftD.ai.
The proposed acquisition is subject to customary closing conditions, including any required regulatory clearances.


