Databricks announced that it has agreed to acquire Panther, an AI SOC platform designed to help security teams unify data sources, detect threats, and investigate alerts using agentic workflows.
The acquisition is intended to advance Databricks’ security lakehouse strategy, a category the company said is designed to disrupt legacy SIEM platforms by combining unified security data, AI agents, and automated detection and response.
Panther helps security operations teams replace manual workflows with AI-powered processes for alert triage, investigation, and response. The platform includes more than 100 out-of-the-box data integrations, detection-as-code capabilities, and agentic SOC workflows designed to automate threat investigation.
Databricks said AI-driven attacks are evolving faster than traditional human-led security operations can respond. Attackers are increasingly using AI agents to identify vulnerabilities and attack paths across cloud, SaaS, and AI systems, while many legacy SIEM platforms are limited by high costs, incomplete data coverage, and manual workflows.
Panther is designed to address those challenges by enabling security teams to ingest security data, write detections as code, investigate alerts, and respond more quickly. The company has been used by security teams including Anthropic and has focused on serving AI-native and cloud-native environments.
Earlier this year, Databricks introduced Lakewatch, its security lakehouse product designed to unify security, IT, and business data into a governed lakehouse for agentic detection and response. Databricks said Lakewatch helps organizations ingest, retain, and analyze large volumes of unstructured data while reducing total cost of ownership.
By adding Panther, Databricks expects to accelerate its security lakehouse roadmap across several areas. The combined offering is expected to embed AI agents directly into SOC workflows, automate alert triage, gather context, propose next steps, and improve detection and response capabilities.
Panther also brings broad data coverage through integrations across cloud infrastructure, identity providers, endpoints, networks, and SaaS applications. Databricks said these integrations can provide faster security data ingestion without the complex mapping often required by legacy SIEM tools.
The Panther team includes engineers and former SOC analysts with experience in open source and cloud-native security operations. Panther was founded by the creator of StreamAlert, an open source project originally developed at Airbnb, and later evolved into a cloud-native SIEM and AI SOC platform built around detection-as-code and security data lakes.
The planned acquisition builds on Databricks’ recent security investments, including its acquisitions of Antimatter and SiftD.ai. The proposed acquisition remains subject to customary closing conditions, including any required regulatory clearances.
KEY QUOTES:
“Legacy SIEM was never designed for AI. Databricks, which has the trust of 70% of the Fortune 500 in data and AI, is doubling down on Lakewatch and our security lakehouse vision. With Panther, we enhance and expand our ability to analyze all data and automate SOC workflows. Together, we can offer the best platform to help defend the world against agentic attacks.”
Ali Ghodsi, Co-Founder and CEO of Databricks
“We are thrilled to join Databricks and help accelerate the security lakehouse vision. The SOC is at an inflection point: AI is changing how attacks are launched and defenders can now finally keep pace with them. Together with Databricks, we can arm defenders with sophisticated agents that scale detection, investigation, and response.”
Jack Naglieri, Founder and CEO of Panther
“Building frontier AI requires security operations that are programmable and deeply integrated with the way modern engineering teams work. Panther has helped us bring a software engineering approach to detection and response, giving our team the flexibility to adapt quickly as our environment evolves.”
Tim Nguyen, Head of Defense at Anthropic
