Databricks has announced plans to acquire Panther, an AI security operations centre (SOC) platform, in a move intended to further develop its approach to security software.
The financial terms of the planned acquisition were not disclosed. The closing of the deal is subject to standard closing conditions, including regulatory clearance where necessary.
The planned acquisition forms part of Databricks’ strategy to expand its security lakehouse concept, which it positions as an alternative to legacy Security Information and Event Management (SIEM) systems.
Traditional SIEMs, according to Databricks, limit organisations with high costs, restricted data coverage, and manual, labour-intensive processes. These factors can leave many teams unable to analyse all relevant security data or keep pace with AI-powered attacks.
Panther’s platform is built to help security teams detect threats, investigate alerts, and respond to AI-driven attacks through automation and enhanced data coverage.
The platform offers over 100 pre-built, deeply parsed integrations spanning cloud infrastructure, identity providers, endpoints, networks, and SaaS applications. This approach supports immediate, out-of-the-box ingestion and analysis of large volumes of security data without requiring the complex mapping processes often found in older SIEMs.
Panther is reported to be used by security teams in demanding environments, such as those operated by Anthropic.
Databricks highlights that adversaries are increasingly using AI agents to find vulnerabilities across a wide array of systems. In comparison, many current security programmes rely on manual workflows for data ingestion, detection rule writing, and alert investigation, which limits their scalability in the face of sophisticated, automated threats.
Panther’s agentic SOC workflows are designed to automate these processes, enabling teams to handle every alert and disrupt attacks at the speed and scale required by AI-native threats.
Databricks co‑founder and CEO Ali Ghodsi said: “Legacy SIEM was never designed for AI.
“Databricks, which has the trust of 70% of the Fortune 500 in data and AI, is doubling down on Lakewatch and our security lakehouse vision. With Panther, we enhance and expand our ability to analsze all data and automate SOC workflows.”
The engineering team at Panther includes former SOC analysts and brings experience in open source and cloud-native security. Panther originated from the open-source StreamAlert project, initially developed at Airbnb, and its platform now provides detection-as-code and large-scale security data analytics capabilities.
In March, Databricks introduced Lakewatch, a security lakehouse platform intended to unify security, IT, and business data within a single, governed lakehouse architecture.
Lakewatch supports agentic detection and response, allowing organisations to ingest, retain, and analyse substantial volumes of unstructured and multi-modal data. This is intended to lower total cost of ownership and avoid vendor lock-in.
The planned integration of Panther into Lakewatch includes embedding AI agents directly into core SOC workflows to automate triage and suggest contextual next steps when handling security alerts.
Panther founder and CEO Jack Naglieri said: “The SOC is at an inflection point: AI is changing how attacks are launched and defenders can now finally keep pace with them. Together with Databricks, we can arm defenders with sophisticated agents that scale detection, investigation, and response.”
The decision to acquire Panther follows Databricks’ recent acquisitions of Antimatter and SiftD.ai, representing its third announced security-related deal.
Databricks states that combining Panther’s platform with Lakewatch is intended to deepen its AI security capabilities and expand detection coverage. The company aims to strengthen its position as AI-driven attacks become a central concern for cloud, SaaS, and AI-focused enterprises.
Earlier this year, Databricks completed investments totalling over $7bn, with approximately $5bn in equity financing at a $134bn valuation and about $2bn in additional debt capacity. The funds supported projects including Lakebase, a serverless Postgres service for AI agent workloads, and Genie, a conversational assistant that lets employees query company data through chat.
