Databricks has announced its intent to acquire security operations platform vendor Panther, as the data and AI company continues expanding into cybersecurity and positioning its “security lakehouse” as an alternative to legacy SIEM tools.
The company said the deal is intended to strengthen its strategy of using an AI-focused approach to security operations, including threat detection and alert investigation, and follows its recent launch of Databricks Lakewatch.
In the announcement, Databricks described Panther as an AI SOC platform and said the acquisition would support efforts to unify data sources for security analytics and automate parts of SOC workflows. Databricks also pointed to prior security-related acquisitions including Antimatter and SiftD.ai.
“Legacy SIEM was never designed for AI,” said Ali Ghodsi, co-founder and CEO of Databricks. “Databricks, which has the trust of 70% of the Fortune 500 in data and AI, is doubling down on Lakewatch and our security lakehouse vision. With Panther, we enhance and expand our ability to analyse all data and automate SOC workflows. Together, we can offer the best platform to help defend the world against agentic attacks.”
Panther founder and CEO Jack Naglieri said the company would join Databricks to “help accelerate the security lakehouse vision” and pointed to the impact of AI on both attack methods and defensive operations.
Anthropic also appeared in the press release as a Panther customer. “Building frontier AI requires security operations that are programmable and deeply integrated with the way modern engineering teams work,” said Tim Nguyen, Head of Defense at Anthropic. “Panther has helped us bring a software engineering approach to detection and response, giving our team the flexibility to adapt quickly as our environment evolves.”
Databricks said the proposed acquisition remains subject to customary closing conditions, including any required regulatory clearances. Financial terms and an expected closing date were not disclosed in the material provided.
The deal highlights the continued convergence of data platforms and security operations as vendors look to move security analytics closer to broader data lakes and lakehouse architectures. For security teams, the shift raises practical questions about data governance, integration complexity, and whether AI-assisted SOC workflows can materially reduce analyst workload without introducing new risks.
