Databricks announced yesterday, March 24, 2026, the launch of LakeWatch, its new open-source SIEM, powered by the strategic acquisitions of Antimatter and SiftD.ai. In simple terms, the company is entering the security market by bringing its lakehouse architecture into SecOps, creating a unified, open-format platform that can ingest and analyze security, IT, and business data at petabyte scale, while allowing teams to deploy autonomous defensive AI agents.
This is not just another SIEM with AI slapped on top. LakeWatch is built natively on Delta Lake and open table formats, supports massive retention without forcing expensive proprietary storage, and comes with Agent Bricks — Databricks’ framework for building and running defensive security agents powered by models like Anthropic Claude. The company claims up to 80% lower total cost of ownership compared with traditional SIEMs.
Picture a modern security team dealing with an autonomous agent attacker that moves laterally across endpoints, cloud workloads, identity systems, and business applications. In the old setup, the team would struggle to correlate signals across disconnected tools while burning through storage budgets. With LakeWatch, they can ingest everything in open formats inside one governed environment, spin up defensive agents that triage and investigate at machine speed, and keep full audit trails of both the threat and the response — all without leaving the lakehouse.
Key Terms
Agentic SIEM
A security information and event management system that uses autonomous AI agents for detection, investigation, triage, and response instead of relying primarily on static rules and manual workflows.
Open Security Lakehouse
An architecture that stores all security telemetry in open formats (Delta Lake, Parquet, Iceberg) inside a governed data platform, allowing massive scale, zero vendor lock-in, and direct integration with AI agents.
Defensive Security Agents
Autonomous AI agents built with Databricks Agent Bricks that actively hunt threats, enrich alerts, perform investigations, and execute response actions across the environment.
Antimatter
UC Berkeley-founded startup acquired by Databricks that provides provably secure authentication, authorization, and a data control plane specifically designed for safe deployment of AI agents.
SiftD.ai
Detection engineering company (built by former Splunk SPL experts) acquired by Databricks to bring large-scale search, analytics, and modern threat detection expertise into the LakeWatch platform.
Conditions Driving the Launch
Traditional SIEMs were designed for a pre-agentic world and are now struggling under the weight of exploding data volumes and sophisticated autonomous attacks. Databricks is addressing several structural shifts that have made legacy approaches unsustainable.
Agent-based attackers now move at machine speed across hybrid environments, easily outpacing rule-based detection systems.
Security teams must ingest and retain petabyte-scale multi-modal data (logs, metrics, traces, business context) without prohibitive cost.
Closed, proprietary SIEM storage creates massive vendor lock-in and prevents flexible analysis.
Defensive AI agents require a secure, governed data layer where they can safely operate on real telemetry.
Existing tools generate too many alerts but deliver limited automated investigation or response capabilities.
Up to 80% TCO reduction becomes possible when storage and compute are decoupled using open formats.
Acquisitions of Antimatter and SiftD.ai directly solve the secure agent authorization and large-scale detection engineering gaps.
Boards and regulators are demanding observable, continuous evidence of control over fast-moving agentic threats.
What AI Security Looked Like Before This Shift
For years, most organizations relied on traditional SIEM platforms that stored data in expensive, closed systems and depended on static correlation rules written by humans. These tools worked reasonably well when threats were slower and data volumes were manageable, but they began to crack under modern pressure.
Security teams ended up with fragmented visibility — one tool for endpoints, another for cloud, yet another for business applications — making correlation slow and response largely manual. When an autonomous agent attacker appeared, defenders often lacked the ability to ingest everything, run sophisticated analysis, or deploy counter-agents at the same speed as the threat.
The governance gap was obvious in audits. Teams could show logs and alerts, but they struggled to prove they had continuous, observable control. Approvals and policies existed on paper, yet once systems went live, behavior drifted without anyone reliably noticing until it was too late. The entire model assumed threats and data would stay relatively stable between periodic reviews.
What Databricks Is Actually Changing with LakeWatch
LakeWatch is a native open agentic SIEM built directly on the Databricks lakehouse. It ingests unified security, IT, and business telemetry in open formats (Delta Lake, Parquet, Iceberg), supports massive retention at dramatically lower cost, and allows teams to build and run defensive security agents using Agent Bricks powered by models such as Anthropic Claude.
The acquisitions strengthen the foundation. Antimatter brings a provably secure authentication, authorization, and data control plane purpose-built for AI agents. SiftD.ai contributes deep detection engineering expertise from former Splunk veterans, adding advanced search and analytics capabilities at scale.
The practical change is significant. SecOps teams can now operate inside one governed environment where they ingest everything, deploy autonomous defensive agents for triage and response, maintain full lineage and audit trails, and achieve up to 80% lower TCO. Instead of bouncing between disconnected tools, investigation and response happen inside the same lakehouse that already holds the organization’s core data.
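To make the "one governed environment" idea concrete, here is an added example that is not LakeWatch code and does not come from Databricks. It shows the three pieces the article keeps returning to: identity, endpoint, and cloud telemetry landing in a single events table, a correlation query that only fires when signals from all three sources line up for the same principal inside a short window, and an append-only audit log of the finding and the response. Python's bundled sqlite3 stands in for the lakehouse SQL engine (an assumption; the real platform queries Delta, Parquet or Iceberg tables), and the schema, sample events, action names, detection rule and window are all constructed for illustration.

```python
import sqlite3

# sqlite3 is used here purely as a stand-in for a lakehouse SQL engine (assumption).
# Timestamps are stored as 'YYYY-MM-DD HH:MM:SS' so string order equals time order
# and matches the format SQLite's datetime() returns.
SCHEMA = """
CREATE TABLE events (
    ts        TEXT NOT NULL,
    source    TEXT NOT NULL,   -- identity | endpoint | cloud
    principal TEXT NOT NULL,   -- user or service identity the event is attributed to
    host      TEXT,
    action    TEXT NOT NULL,
    detail    TEXT
);
CREATE TABLE audit_log (
    ts        TEXT NOT NULL,
    actor     TEXT NOT NULL,   -- human analyst or defensive agent
    principal TEXT NOT NULL,
    finding   TEXT NOT NULL,
    response  TEXT NOT NULL
);
"""

# Constructed sample telemetry (not real data). Three principals, three sources.
EVENTS = [
    # svc-deploy: no-MFA login -> new binary on web-07 -> IAM change, all within 5 minutes
    ("2026-03-24 09:00:00", "identity", "svc-deploy", None,     "login_no_mfa",      "src_country=NL"),
    ("2026-03-24 09:02:10", "endpoint", "svc-deploy", "web-07", "new_binary_exec",   "/tmp/upd"),
    ("2026-03-24 09:04:30", "cloud",    "svc-deploy", None,     "iam_policy_change", "attach AdministratorAccess"),
    # alice: same shape of activity, but the login used MFA -> not flagged
    ("2026-03-24 09:10:00", "identity", "alice",      None,     "login_mfa",         "src_country=US"),
    ("2026-03-24 09:11:00", "endpoint", "alice",      "lap-03", "new_binary_exec",   "~/bin/tool"),
    ("2026-03-24 09:12:00", "cloud",    "alice",      None,     "iam_policy_change", "attach ReadOnly"),
    # bob: no-MFA login, but the later steps fall outside a 10-minute window -> not flagged
    ("2026-03-24 08:00:00", "identity", "bob",        None,     "login_no_mfa",      "src_country=US"),
    ("2026-03-24 08:30:00", "endpoint", "bob",        "lap-09", "new_binary_exec",   "~/bin/x"),
    ("2026-03-24 08:35:00", "cloud",    "bob",        None,     "iam_policy_change", "attach ReadOnly"),
]

# Cross-source correlation: a no-MFA login, followed by a new binary on an endpoint,
# followed by an IAM change, all attributed to the same principal inside one window.
# Each source alone is noisy; the chain across all three is what makes it a finding.
DETECTION_SQL = """
SELECT i.principal, i.ts AS login_ts, e.host, c.action AS cloud_action
FROM events AS i
JOIN events AS e
  ON e.principal = i.principal AND e.source = 'endpoint'
 AND e.ts BETWEEN i.ts AND datetime(i.ts, ?)
JOIN events AS c
  ON c.principal = i.principal AND c.source = 'cloud'
 AND c.ts BETWEEN e.ts AND datetime(i.ts, ?)
WHERE i.source = 'identity' AND i.action = 'login_no_mfa'
ORDER BY i.ts
"""


def build_store(events=EVENTS):
    """Load all sources into one table, the 'unified telemetry' the article describes."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO events VALUES (?,?,?,?,?,?)", events)
    return conn


def detect_chained_access(conn, window_minutes=10):
    """Return (principal, login_ts, host, cloud_action) for every matching chain."""
    modifier = f"+{window_minutes} minutes"
    return conn.execute(DETECTION_SQL, (modifier, modifier)).fetchall()


def record_response(conn, finding, response, actor, ts):
    """Append-only record of what was found and what was done about it, by whom."""
    principal, login_ts, host, cloud_action = finding
    summary = f"no-MFA login at {login_ts} -> {host} -> {cloud_action}"
    conn.execute("INSERT INTO audit_log VALUES (?,?,?,?,?)",
                 (ts, actor, principal, summary, response))
    conn.commit()


def audit_trail(conn):
    return conn.execute(
        "SELECT ts, actor, principal, finding, response FROM audit_log ORDER BY ts"
    ).fetchall()


def run_pipeline(window_minutes=10):
    """Ingest -> detect -> respond -> audit, all against the same store."""
    conn = build_store()
    findings = detect_chained_access(conn, window_minutes)
    for finding in findings:
        # Hypothetical response action taken by a defensive triage agent (assumption).
        record_response(conn, finding, "disable_session_and_open_case",
                        "triage-agent", "2026-03-24 09:05:00")
    return findings, audit_trail(conn)


if __name__ == "__main__":
    found, trail = run_pipeline()
    for row in found:
        print("finding:", row)
    for row in trail:
        print("audit:", row)
```

The window is a parameter on purpose: widening it to 60 minutes makes bob's slower chain match as well, which is the usual tuning trade-off between catching low-and-slow activity and generating the alert volume the article complains about. Keeping the detection and the audit log in the same store is what lets a reviewer later reconstruct both the evidence and the response from one place.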
Our Take
AI Security Take
Databricks’ move yesterday signals a meaningful shift in how large organizations can approach agentic security and governance. By bringing an open, governed lakehouse into SecOps and pairing it with defensive AI agents, the company is giving teams a practical way to observe and respond to threats at the same speed and scale as the attacks themselves.
For governance professionals, this matters because it moves beyond fragmented logs toward continuous, observable control inside a single auditable environment. Teams can now produce evidence that links policy requirements directly to real-time behavior and automated response — something auditors and boards increasingly expect.
As agentic AI becomes the dominant pattern on both sides of the attack surface, platforms like LakeWatch represent the direction governance must head: unified, open, observable, and capable of agent-vs-agent defense. It won’t replace every existing tool overnight, but it offers a credible path to close the visibility and response gaps that have grown painfully obvious over the past year.