Databricks is moving into cybersecurity with the launch of Lakewatch, a new security platform that reflects the company’s focus on extending its data and AI capabilities into adjacent enterprise markets.
The product, an open and AI-driven security information and event management (SIEM) system, represents a calculated effort to challenge established cybersecurity vendors while addressing the growing complexity of modern threats. The company touts Lakewatch as a system designed to process vast quantities of security data while applying generative AI to automate detection and response.
Clearly, enterprises face new threats driven by automation. Cyberattacks are increasingly executed at machine speed, compressing the time between vulnerability discovery and exploitation. That window has narrowed sharply in recent years, placing pressure on traditional security tools that rely heavily on manual workflows.
Lakewatch is built to counter that shift by embedding AI agents directly into security operations. These agents can analyze telemetry data, prioritize alerts, and assist analysts using natural language queries. As Databricks describes it, the system integrates data not only from conventional security tools but also from enterprise sources like business applications, offering a more comprehensive view of potential threats.
The company’s approach builds on its core lakehouse architecture, which allows organizations to store and analyze large volumes of structured and unstructured data in a unified environment. By applying that model to security, the company is attempting to address a limitation of SIEM platforms: the cost and complexity of managing large-scale data ingestion.
Legacy systems often tie storage costs directly to data volume, leading organizations to limit how much information they retain. Lakewatch separates storage from compute, enabling customers to retain extensive datasets while paying primarily for processing. Databricks claims this model can significantly reduce operational costs while improving visibility across security environments.
Early adopters include large enterprises such as Adobe and Dropbox, while Anthropic is both a user of Databricks’ security infrastructure and a technology partner. Anthropic’s models contribute to Lakewatch’s ability to correlate signals and identify threats across diverse datasets.
Databricks is also reinforcing its cybersecurity ambitions through acquisitions. It recently purchased security startup Antimatter and has agreed to acquire SiftD, a firm with deep experience in detection engineering and ties to Splunk. These moves bring both technical capabilities and industry expertise as Databricks builds out its security portfolio.
Executives say LLMs are reaching a level of maturity that allows them to meaningfully assist in cybersecurity tasks. In practice, that means automating portions of threat detection, investigation, and, eventually, response. While some features remain in development, the company has indicated that automated remediation capabilities will be added over time.
For Databricks, Lakewatch represents a potentially major revenue source, but it also carries risk. Success in cybersecurity could strengthen its case ahead of a potential IPO, which executives have suggested could occur as early as 2026. At the same time, the company is entering a market dominated by established vendors with deeply entrenched customer relationships.
In any case, including cybersecurity in its product portfolio appears to be a major plus for Databricks. As organizations grapple with escalating data volumes and faster-moving threats, the integration of AI into security operations is becoming less optional. For Databricks, its experience in large-scale data processing and its emphasis on open architectures could give it an advantage in that transition.