Databricks has announced its agreement to acquire Panther, a company focused on cloud-native security data lakes and modern security operations. The deal represents a major step in Databricks’ push to build a unified platform that combines large-scale data processing, AI, and security operations.
As organizations increasingly rely on AI agents that can act autonomously, traditional security tools are struggling to keep up. Legacy systems were not built to handle the speed, volume, and complexity of today’s threats. The acquisition of Panther is designed to address this gap by bringing together Databricks’ strengths in data and AI with Panther’s capabilities in security data management and automated response.
“Legacy SIEM was never designed for AI,”
"Databricks, which has the trust of 70% of the Fortune 500 in data and AI, is doubling down on our security lakehouse vision. With Panther, we enhance and expand our ability to analyze all data and automate SOC workflows. Together, we can offer the best platform to help defend the world against agentic attacks.”
Ali Ghodsi
Co-founder and CEO of Databricks
The move reflects a growing recognition that effective security in the agentic era requires deep integration between data platforms and security operations, rather than treating them as separate domains.
Conditions Driving the Change
Several key factors are driving the need for platforms that combine data, AI, and security:
Legacy SIEM systems were designed for a previous generation of threats and data volumes and are increasingly unable to scale effectively.
The rise of agentic AI has created faster and more adaptive attack techniques that traditional tools struggle to detect and respond to in real time.
Security teams are overwhelmed by the volume of data and alerts, creating a need for more automated and intelligent analysis.
Organizations want security capabilities that are deeply integrated with their existing data and AI infrastructure instead of operating in isolated silos.
Modern engineering and DevOps practices require security tools that are programmable and flexible rather than rigid and manual.
AI-driven attacks are becoming more common, forcing defenders to adopt equally sophisticated AI-powered defense mechanisms.
There is increasing demand for security platforms that can support automated detection, investigation, and response at scale.
Regulatory and compliance requirements are pushing organizations to maintain better visibility and auditability across their security data.
Security operations are reaching the limits of human capacity, creating pressure to automate more of the workflow.
Major technology platforms are recognizing that owning both the data layer and the security layer provides stronger value to enterprise customers.
These conditions have made integrated security data platforms increasingly important for large organizations.
What AI Security Looked Like Before
Before integrated platforms like the combined Databricks and Panther offering, AI security and security operations were highly fragmented. Most organizations relied on traditional SIEM systems that were originally built for log collection and basic alerting. These systems often required significant manual effort to configure and maintain, and they struggled to process the large volumes of data generated by modern cloud and AI environments.
Detection and response processes were largely manual and reactive. Security teams spent considerable time triaging alerts, investigating incidents, and building custom rules. AI and machine learning capabilities existed in limited forms, but they were usually confined to individual tools and lacked the scale and context provided by enterprise data platforms.
Security data was typically spread across multiple disconnected systems, making it difficult to gain a complete picture of threats or to apply advanced analytics. Governance and auditability were also weak points. Many organizations found it challenging to maintain clear, consistent records of security decisions or to demonstrate compliance when using fragmented tools and processes.
Overall, AI security before this shift was characterized by manual workflows, siloed data, and limited ability to adapt quickly to new attack techniques. The gap between the capabilities of general data and AI platforms and the tools used for security operations was significant.
What AI Security Looks Like Now
AI security is shifting toward unified platforms that bring together large-scale data processing, advanced analytics, and automated security operations. The acquisition of Panther by Databricks is a clear example of this evolution. Organizations can now manage and analyze security data within the same environment they use for their broader data and AI workloads.
This integration enables more powerful detection, investigation, and response capabilities. Security teams can apply advanced analytical techniques to security data at scale and automate more of their workflows.
“We are thrilled to join Databricks and help accelerate the security lakehouse vision,”
“The SOC is at an inflection point: AI is changing how attacks are launched and defenders can now finally keep pace with them. Together with Databricks, we can arm defenders with sophisticated agents that scale detection, investigation, and response.”
Jack Naglieri
Founder and CEO of Panther
Another important development is the move toward more programmable security operations. Instead of relying on rigid, pre-built rules, teams can build custom detection and response logic that fits their specific needs.
"Building frontier AI requires security operations that are programmable and deeply integrated with the way modern engineering teams work,”
“Panther has helped us bring a software engineering approach to detection and response, giving our team the flexibility to adapt quickly as our environment evolves."
Tim Nguyen
Head of Defense at Anthropic
Overall, AI security is becoming more intelligent, automated, and aligned with how modern engineering and data teams already operate.
Our Take
AI Security Take
The acquisition of Panther by Databricks highlights a clear direction for the future of security operations. As attacks become faster and more automated through the use of AI agents, defenders need platforms that can match that speed and intelligence while leveraging the data and AI capabilities organizations have already invested in.
For security leaders, this means moving beyond traditional SIEM approaches and toward platforms that treat security data as a core strategic asset. The ability to analyze security data at scale, automate workflows, and build custom detection and response agents is becoming essential.
However, this shift also brings new responsibilities. As security operations become more automated and agent-driven, organizations need strong governance around how these systems make decisions and take action. Programmability and automation are powerful, but they require clear oversight and accountability.
Teams evaluating platforms in this space should assess how well any solution integrates with their existing data infrastructure and whether it provides the flexibility to adapt quickly as threats evolve. The organizations that can successfully combine scale, intelligence, and programmability in their security operations will be better positioned to defend against the next generation of attacks.
The deal also shows that the line between data platforms and security platforms is continuing to blur, and that the most effective security solutions in the coming years will likely be those deeply embedded within an organization’s broader data and AI strategy.
