Databricks announces Lakewatch, an open and agentic SIEM platform that consolidates security, IT, and business data into a single environment. With AI agents, security teams should be able to detect and respond to threats at machine speed.
Lakewatch brings together all data in open formats, including multimodal data such as video and audio, to detect social engineering and insider threats. AI agents then automate detection, triage, and threat hunting. “With Lakewatch, we are giving enterprises a new open data architecture and agentic capabilities to replace stagnating SIEM tools,” explains Databricks CEO Ali Ghodsi.
In October 2025, the company launched Data Intelligence for Cybersecurity, enabling partners such as Palo Alto Networks to triple the speed of threat detection and Arctic Wolf to analyze eight trillion security events in real time every week.
Lakewatch runs on an open, cloud-agnostic platform that integrates with Okta, Palo Alto Networks, Wiz, Zscaler, and Proofpoint. It employs Detection-as-Code, including automated testing. Governance and compliance are enforced via Unity Catalog, which helps organizations comply with NIS2 and DORA.
Acquisitions and Anthropic Collaboration
To strengthen the platform, Databricks announces two acquisitions. Antimatter, founded by UC Berkeley researchers, brings expertise in secure authentication and authorization for AI agents. SiftD.ai, co-founded by the creator of Splunk’s Search Processing Language, adds expertise in large-scale threat analysis.
In addition, Databricks is deepening its collaboration with Anthropic. Claude models power Lakewatch by correlating signals across security, IT, and business data. Anthropic itself also uses the Databricks platform as its own security lakehouse.