Databricks Lakewatch: When Your Data Platform Becomes Your Security Platform

shashi.co  ·  Enterprise Technology Analysis
$134B: Databricks valuation, Feb 2026
1.6 days: Mean time to exploit, 2026
80%: Claimed TCO reduction vs. incumbents

[Figure: Databricks Lakewatch architecture diagram]

Databricks announced Lakewatch this week, an open, agentic security information and event management platform built on its data lakehouse. Adobe, Dropbox, and National Australia Bank are among the early customers. Two acquisitions accompanied the launch: Antimatter, focused on authentication and authorization for AI agents, and SiftD.ai, founded by the creator of Splunk's search processing language.

The Pricing Problem Databricks Is Solving

Legacy security information and event management tools charge for storage and compute together. That creates a financial penalty on every byte ingested, so security teams filter logs, delete history, and skip non-traditional data sources entirely.

Databricks decouples the two. Storage stays in the organization's own cloud. Charges are based on work performed, not data volume stored. The company claims up to 80% lower total cost of ownership compared to incumbent platforms.

Why Speed Is the Real Argument

The average time from vulnerability disclosure to active exploitation reportedly fell from 23 days in 2025 to 1.6 days in 2026. Security teams that depend on manual triage and hand-authored detection rules are structurally too slow for that pace.

"Security teams can no longer rely on manual workflows to outpace AI-driven attacks. Defenders must have even better visibility and speed than today's agent attackers."

Ali Ghodsi, Co-Founder and CEO, Databricks

Lakewatch runs AI agents directly inside the governed environment where data already lives, rather than routing it to a separate tool. The Anthropic partnership is relevant here: Claude models power the reasoning layer, and Anthropic itself runs Databricks as its own security platform. That is a reference architecture claim, not a co-marketing announcement.

Strategy or Pivot?

This is an extension of the existing platform, not a change in direction. Lakewatch runs on Unity Catalog, Genie, Delta Lake, and Apache Iceberg, all capabilities Databricks already sells. The SiftD.ai acquisition adds Splunk alumni with enterprise security operations depth. Antimatter addresses agent-to-agent trust, an unresolved problem in agentic architectures.

Open ecosystem partners

Anvilogic, Arctic Wolf, Cribl, Deloitte, Obsidian, Okta, 1Password, Palo Alto Networks, Panther, Proofpoint, Slack, TrendAI, Wiz (Google Cloud), and Zscaler. Databricks is borrowing credibility from the incumbents it intends to displace.

The IPO context matters. Databricks raised at a $134 billion valuation in February 2026, with annualized revenue above $5.4 billion growing at 65% year over year. Entering a large market with known pricing model failures gives the company a credible new growth story for public investors.

The Open Source Question

Databricks frames Lakewatch around open formats, specifically the Open Cybersecurity Schema Framework, Delta Lake, and Apache Iceberg. The pitch is that customers own their data and avoid vendor lock-in. That argument is worth scrutinizing. The underlying lakehouse infrastructure is Databricks infrastructure. Data portability in open formats does not mean the operational tooling, agent workflows, or detection-as-code pipelines are easily portable to another platform. Open formats and open architectures are different things.

The viability question for CISOs

The architecture argument is sound and the pricing model addresses a real constraint. The question is whether Databricks can earn the buyer trust that established security operations vendors have built over a decade. The SiftD.ai acquisition is a direct answer to that concern. Whether it is sufficient will show up in enterprise sales cycles, not in a press release. Security buyers evaluate vendors on incident response depth and long-term support relationships, not platform economics alone.

Image source: Databricks

Disclaimer: This blog reflects my personal views only. Content does not represent the views of my employer, Info-Tech Research Group. AI tools may have been used for brevity, structure, or research support. Please independently verify any information before relying on it.