Databricks Acquires Panther to Accelerate the Security Lakehouse

Databricks has agreed to acquire Panther, a cloud-native SIEM and AI-powered security operations platform known for its detection-as-code approach and deep security engineering roots. The acquisition strengthens Databricks' Security Lakehouse vision and its recently launched Lakewatch initiative, which aims to bring security operations directly into the enterprise data platform. Financial terms were not disclosed. The announcement was made on June 16, 2026.

The transaction brings Panther's AI SOC capabilities, detection engineering expertise, and more than 100 security integrations into the Databricks ecosystem. Panther joins a growing list of security-focused acquisitions that includes Antimatter and SiftD.ai, signaling a deliberate expansion into cybersecurity infrastructure.

For Databricks, this is not simply the acquisition of a cybersecurity company. It is another step toward making security a native workload running alongside analytics, governance, machine learning, and AI. For the broader market, the deal signals that the boundaries separating data platforms, AI platforms, and security platforms are beginning to dissolve.

What Happened

Databricks announced its agreement to acquire Panther, a company that built its reputation by challenging traditional Security Information and Event Management (SIEM) platforms with a modern, cloud-native architecture. Panther's platform combines detection-as-code, AI-powered security operations workflows, and more than 100 integrations designed for modern cloud environments. SIEM platforms help organizations collect, analyze, and investigate security events across increasingly complex environments. The acquisition strengthens Databricks' recently launched Lakewatch platform and reinforces the company's Security Lakehouse strategy, a model that treats security data as part of the broader enterprise data ecosystem rather than as a separate operational silo. Databricks CEO Ali Ghodsi has argued that legacy SIEM platforms were not designed for an AI-driven world, and Panther brings technology, integrations, and operational expertise that would have taken years to build organically.

The deal also brings Panther Founder and CEO Jack Naglieri and the company's security-focused engineering organization into the Databricks ecosystem. Panther was co-founded by Jack Naglieri and Shvetank Jain and raised approximately $140.5M from investors including Coatue, ICONIQ Growth, Lightspeed Venture Partners, Innovation Endeavors, Snowflake Ventures, S28 Capital, Fathom Capital, and 645 Ventures.

Why This Matters

Every technology cycle creates a moment when yesterday's category leaders realize the assumptions that built their market no longer hold. This deal feels like one of those moments. For years, security platforms operated separately from enterprise data systems. Security data lived in one environment. Business data lived somewhere else. AI initiatives often sat in an entirely different stack. Modern enterprises increasingly view that separation as unnecessary friction.

Organizations already using Databricks for analytics, AI development, governance, and machine learning are beginning to expect security teams to operate against the same data foundation. Security is becoming less of a standalone destination and more of a workload running directly on top of enterprise infrastructure. Attackers do not respect organizational charts or software categories. They move across systems. Defenders increasingly need platforms capable of doing the same. Panther gives Databricks another piece of that puzzle.

Market Context

The acquisition arrives as AI forces nearly every infrastructure category to rethink its assumptions. Traditional SIEM platforms were built around a world where humans investigated alerts. Increasingly, enterprises expect AI agents to perform triage, enrich investigations, identify patterns, and accelerate response workflows. That changes the economics of security operations.

Panther spent years building toward this future through its detection-as-code philosophy. Detection-as-code allows security teams to manage detection logic using software engineering workflows such as version control, testing, peer review, and continuous deployment. Instead of treating detections as static configurations hidden inside proprietary software, Panther turned them into maintainable code. The approach resonated with engineering-driven organizations including Anthropic, Coinbase, Figma, Docker, Snyk, and Cockroach Labs.

Meanwhile, Databricks built one of the world's most influential enterprise data platforms, serving more than 20,000 organizations and 70% of the Fortune 500. The strategic overlap became increasingly difficult to ignore.

Competitive Landscape

The most interesting aspect of this acquisition may be who it affects. Databricks is not merely acquiring a security company. It is positioning itself more directly against established security and observability platforms. Splunk, now part of Cisco, remains one of the most recognized names in SIEM. CrowdStrike continues expanding beyond endpoint protection into broader security operations. Microsoft Sentinel remains deeply embedded inside Microsoft-centric environments. Now those companies face a competitor approaching security from the data layer rather than from the traditional security stack.

That distinction matters. Databricks already owns relationships with data teams, analytics teams, governance teams, and AI teams. Security becomes another workload running within an existing platform investment instead of requiring an entirely separate ecosystem. There is also an interesting competitive subplot. Snowflake Ventures participated in Panther's funding history. That means one of Databricks' largest competitors indirectly helped fund a security company that now becomes part of the Databricks platform.

What This Signals

The Panther acquisition is part of a broader pattern. Databricks acquired Antimatter in 2025 and SiftD.ai in 2026 before announcing the Panther transaction. Viewed individually, those acquisitions appeared tactical. Viewed together, they resemble a deliberate platform-building strategy. First came capabilities around AI authorization and access controls. Then detection engineering expertise. Now comes a full AI SOC platform with integrations, workflows, and practitioner credibility.

This is not random expansion. It is category construction. Technology markets often spend years arguing over features before eventually realizing the real battle is platform ownership. Databricks appears to believe security operations will increasingly belong inside broader data and AI environments. The Panther acquisition reinforces that thesis.

The Bigger Industry Shift

The phrase Security Lakehouse may sound like marketing language today. The more important question is whether it becomes market structure tomorrow. Historically, enterprise software created separate systems for analytics, machine learning, governance, and security. AI is pushing those boundaries together. Security data is becoming valuable beyond security teams. Business data is becoming critical to threat detection. AI agents increasingly need access across both domains. That creates pressure toward convergence.

The Databricks-Panther transaction suggests the future security stack may look less like a collection of disconnected tools and more like a unified intelligence layer built directly on enterprise data infrastructure. If that happens, this acquisition will be remembered as more than another cybersecurity deal. It may ultimately be remembered as part of the moment when security stopped being a separate destination and became a native function of the modern data platform.