Screenshot of a SQL editor displaying code and tables on a computer monitor, showcasing Databricks Lakewatch functionality.

Databricks Lakewatch disrupts SIEM with open agentic platform

Databricks announced its entry into the cybersecurity market on March 24, 2026, launching Lakewatch, an AI-powered security platform that the company says can cut costs by up to 80% compared with traditional SIEMs. The platform uses autonomous AI agents to automate threat detection and response while keeping data in customers' own cloud environments, a direct challenge to market leaders Splunk and Microsoft Sentinel.

The platform represents what Databricks calls an "agentic SIEM," in which AI agents act as the primary operators of security workflows so that response can keep pace with the speed of modern attacks, according to the company's blog post. Rather than relying solely on hand-written detection rules, Lakewatch uses AI to continuously analyze data, detect threats, triage alerts, and initiate threat hunts.


A feature named "Genie" automates complex tasks including parsing new log sources into the Open Cybersecurity Schema Framework (OCSF), authoring detection rules from threat intelligence, and translating natural-language questions into SQL for threat hunting, Databricks stated in its announcement.
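To make the two technical steps in that paragraph concrete, normalizing a raw log source into OCSF and then hunting over it with SQL, here is an added example. It is not Databricks code, not Lakewatch's parser, and not Genie's output; it maps a few constructed sshd log lines onto a small subset of the OCSF Authentication event class (class_uid 3002) and then runs, in an in-memory SQLite table, the kind of query a request such as "show me sources with repeated failed logons followed by a success" would have to be translated into. The table name auth_events, the chosen column subset, and the 60-second window are illustrative assumptions.

```python
"""Toy pipeline: raw sshd lines -> OCSF-style Authentication events -> SQL hunt.

Added example; the log lines below are constructed, not real telemetry.
"""
import re
import sqlite3
from datetime import datetime
from typing import Optional

# Constructed sample input in syslog style (RFC 5424-like timestamp, host, process).
RAW_LINES = [
    "2026-03-24T10:00:01Z bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "2026-03-24T10:00:03Z bastion sshd[1202]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "2026-03-24T10:00:05Z bastion sshd[1203]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "2026-03-24T10:00:09Z bastion sshd[1204]: Accepted publickey for alice from 198.51.100.4 port 40010 ssh2",
    "2026-03-24T10:00:12Z bastion sshd[1205]: Accepted password for root from 203.0.113.7 port 51025 ssh2",
    "2026-03-24T10:00:13Z bastion sshd[1205]: pam_unix(sshd:session): session opened for user root",
]

# Subset of OCSF Authentication class identifiers (category 3 = IAM, class 3002).
OCSF_CATEGORY_UID = 3
OCSF_CLASS_UID = 3002
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port (?P<port>\d+)"
)


def to_ocsf(line: str) -> Optional[dict]:
    """Map one sshd logon line onto a flat subset of OCSF Authentication fields."""
    m = LINE_RE.match(line)
    if not m:
        return None  # caller counts these; silently dropping unparsed lines hides gaps
    succeeded = m["outcome"] == "Accepted"
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {
        "category_uid": OCSF_CATEGORY_UID,
        "class_uid": OCSF_CLASS_UID,
        "activity_id": ACTIVITY_LOGON,
        "type_uid": OCSF_CLASS_UID * 100 + ACTIVITY_LOGON,  # OCSF convention
        "status_id": STATUS_SUCCESS if succeeded else STATUS_FAILURE,
        "time": int(ts.timestamp() * 1000),  # OCSF time is epoch milliseconds
        "auth_protocol": m["method"],
        "user_name": m["user"],
        "src_ip": m["src"],
        "src_port": int(m["port"]),
        "device_hostname": m["host"],
    }


def normalize(lines):
    """Return (events, unparsed_count) so parser coverage is visible, not hidden."""
    events, unparsed = [], 0
    for line in lines:
        ev = to_ocsf(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return events, unparsed


# Hunt: a successful logon preceded by >= 3 failures from the same source within 60 s.
# This is the SQL a natural-language question would need to become (assumed schema).
HUNT_SQL = """
SELECT s.src_ip, s.user_name, COUNT(f.time) AS failures_before
FROM auth_events s
JOIN auth_events f
  ON f.src_ip = s.src_ip
 AND f.status_id = 2
 AND f.time BETWEEN s.time - 60000 AND s.time
WHERE s.status_id = 1
GROUP BY s.src_ip, s.user_name, s.time
HAVING failures_before >= 3
"""


def hunt_bruteforce_then_success(events):
    """Load normalized events into an in-memory table and run the hunt query."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE auth_events (time INTEGER, status_id INTEGER, user_name TEXT, src_ip TEXT)")
    con.executemany(
        "INSERT INTO auth_events VALUES (?, ?, ?, ?)",
        [(e["time"], e["status_id"], e["user_name"], e["src_ip"]) for e in events],
    )
    return con.execute(HUNT_SQL).fetchall()


if __name__ == "__main__":
    evs, skipped = normalize(RAW_LINES)
    print(f"normalized {len(evs)} events, {skipped} unparsed")
    for row in hunt_bruteforce_then_success(evs):
        print("suspicious:", row)
```

The unparsed counter matters in practice: a normalizer that drops lines it does not recognize (here the pam_unix session line) produces a schema-clean table that is quietly missing data, so any automated parser, AI-authored or not, should report its coverage alongside its output.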

Strategic Acquisitions and Early Adopters

To accelerate its market entry, Databricks acquired Antimatter, a security research firm, and SiftD.ai, a company founded by the creator of Splunk's Search Processing Language (SPL), signaling a direct intent to draw talent and customers away from the market leader, according to the company's press release.


The platform launched in Private Preview with early customers including Adobe, Dropbox, and National Australia Bank, Databricks announced. The pricing model bases costs on compute consumption rather than data ingestion volume, a key differentiator designed to attract large enterprises struggling with legacy SIEM costs, DigitalToday reported.

Technical Architecture and Partner Ecosystem


Lakewatch employs a decoupled architecture built on the Databricks Lakehouse Platform, in which storage and compute scale separately. Security data resides in open formats such as Delta Lake within the customer's own cloud storage and is governed by Unity Catalog, which the company says avoids vendor lock-in. One practical consequence of this design is that the storage buckets holding the telemetry remain under the customer's own cloud account, so their access controls and retention settings remain the customer's responsibility, with Unity Catalog governing access at the table level.


The platform integrates with an "Open Security Lakehouse Ecosystem" of partners, including Cribl, Zscaler, Okta, Palo Alto Networks, and Wiz, to streamline data ingestion, Databricks announced. Through Delta Sharing, an open protocol for sharing live data without copying it, partners such as Obsidian Security can feed normalized telemetry directly into customers' Lakewatch environments, avoiding a separate ingestion pipeline, according to Obsidian Security's blog post.


The system analyzes all forms of security telemetry, including multi-modal data such as chat logs, video, and audio, which are often sources of social engineering and insider threats missed by traditional systems, Databricks stated on its product page.

Sources

  • databricks.com/company/newsroom
  • digitaltoday.co.kr
  • obsidiansecurity.com/blog