Databricks Expands Into Cybersecurity Arena With New Lakewatch Offering
Databricks is applying its AI and data platform—and disclosing two acquisitions—as it brings an agentic approach to traditional SIEM cybersecurity.
Databricks is expanding into the cybersecurity space, launching Tuesday a new agentic SIEM product that taps into the data management and AI capabilities of the company’s core Data Intelligence Platform to provide threat detection and investigation capabilities.
Databricks says its new Lakewatch offering is designed to help organizations defend against increasingly sophisticated attackers whose use of AI and agents reduces the time security teams have to detect and respond to attacks.
“Security is really a data problem, at the core of it,” said Andrew Krioukov, general manager of Lakewatch, in an interview with CRN. “Our strengths are data and AI. We see this as the evolution of SIEM.”
Krioukov noted that prior to this product launch, some customers were already running security workloads on the Databricks platform, loading security logs and other security data into Databricks “because it was the best place for doing threat analytics” and “outperformed existing tools.”
Lakewatch, currently in private preview, unifies security, IT and business data into a single, governed environment for AI detection and response, according to the Databricks announcement. It enables organizations to ingest, retain and analyze huge volumes of multi-modal data that provides security teams with complete visibility across an enterprise.
With Lakewatch, security operations teams can also deploy security agents to automate threat detection and response “at massive scale,” according to the company.
Databricks’ move into SIEM (security information and event management) stems from the company’s previously undisclosed acquisition in May 2025 of Antimatter, a startup developing technology for secure authentication and authorization of AI agents.
Krioukov, who was co-founder and CEO of Antimatter, said that company’s technology was originally built on the Databricks platform and provided the foundation for Lakewatch. “We were real partners before we were acquired,” he said.
“But certainly, Lakewatch has grown to be much, much more than what we had nine months ago. And I’d say in record time too,” Krioukov said, pointing to the product itself, Databricks’ broader vision, and the Antimatter team that tripled in size within Databricks post-acquisition to develop Lakewatch.
Databricks announced that it also acquired SiftD.ai, founded by the creator of Splunk’s Search Processing Language (SPL), a move that’s expected to bring “deep expertise” in large-scale detection engineering and modern threat analytics, Databricks said. Krioukov said the SiftD.ai personnel have joined his team.
The Core Concepts Behind Lakewatch
Lakewatch is designed around three pillars, according to Krioukov, the first being that security teams need to be able to see all of an organization’s data in open formats, including unstructured data such as text, audio and images that he said traditional SIEM tools struggle to work with.
Second is the need to leverage agentic AI to automate manual security practices that are too slow and cumbersome for today’s increased pace of cyberattacks. Using Lakewatch and Databricks’ Agent Bricks tools for building production agents, customers can build, optimize and deploy custom security agents. Lakewatch is also integrated with Databricks’ Genie AI assistant to automate security processes such as alert triage.
“The attackers are moving faster and faster and so the time to respond is dropping,” Krioukov said. “We’re applying AI to help the teams that are tasked with defending a company, to help automate their workflows, help them do their jobs faster, so that they can spot threats sooner and react to those threats faster.”
And the third pillar, openness and flexibility, is based on the ability of the Databricks platform to work with data from a broad range of sources and connect to IT systems from the large number of companies within Databricks’ technology partner ecosystem.
Databricks debuted Lakewatch at this week’s RSAC 2026 conference in San Francisco where Databricks co-founder and CEO Ali Ghodsi was a keynote speaker and, in his presentation, focused on how much AI has replaced traditional SIEM.
Krioukov said that given the importance of data and AI within the realm of cybersecurity, Lakewatch is not just a side product for Databricks.
“Databricks and Ali [Ghodsi] and the board have decided that this is a major investment area…and that’s what spurred all this, both the acquisitions and the growth of the team,” he said, calling the RSAC event the “big coming out party” for the company’s entrance into the cybersecurity space.
Krioukov said Lakewatch provides opportunities for the company’s channel partners around new security use cases such as leveraging business data for fraud detection.