Databricks Makes Third Cyber Acquisition, Acquiring Panther Labs

Databricks announced on June 16 that it has agreed to acquire Panther Labs, a cloud-native security operations platform, marking the data and AI company's third cybersecurity acquisition and signaling an aggressive push to compete directly with CrowdStrike and Splunk in the enterprise security market.

The deal, for an undisclosed sum, brings Panther Labs' security information and event management (SIEM) technology into Databricks' growing security portfolio. Panther was last valued at $1.4 billion following a $120 million Series B round in 2021.

**The Deal: Building a Security Moat Around Data**

Panther Labs' core product ingests security-relevant data streams — logs, events, alerts — into a single unified platform, then uses software agents to detect and respond to threats with minimal human involvement. In an era where AI-powered attacks are growing faster than human security teams can manage, this kind of automated detection and response is becoming table stakes for enterprise security.

Databricks CEO Ali Ghodsi made the strategic rationale explicit at the company's Data + AI Summit in San Francisco. "If they're going to attack you with agents, you have to defend with agents," Ghodsi told Reuters. "You have to fight fire with fire." He declared older alert-and-log workflows "dead," arguing that AI has accelerated the speed at which attackers can turn software vulnerabilities into real intrusions.

This is Databricks' third security acquisition in just over a year. In March 2025, the company acquired Antimatter, a startup specializing in data protection and secure governance for AI agents — a deal kept confidential until March 2026, when Databricks launched its AI-powered security product, Lakewatch. That same month, it also bought SiftD.ai, an early-stage company focused on agentic AI-human collaboration and large-scale detection engineering.

**The Bigger Picture: AI Security is the New Battlefield**

The convergence of AI and cybersecurity isn't new, but the pace of consolidation is accelerating. The logic is straightforward: as AI makes attacks faster and more sophisticated, traditional security tools — which rely heavily on human analysts correlating alerts across multiple dashboards — can't keep up. The answer, at least according to Databricks, is to fight AI with AI.

Panther Labs gives Databricks three critical capabilities. First, a SIEM platform that can ingest massive volumes of security data at scale — exactly the kind of data-heavy workload Databricks' core data lakehouse platform was built to handle. Second, automated detection and response that reduces mean time to detect from hours to seconds. Third, a customer base of security-focused enterprises that Databricks can now cross-sell its broader data and AI platform to.

The acquisition also positions Databricks more directly against CrowdStrike, which has been building its own AI-powered security capabilities, and Splunk (now part of Cisco), which dominates the traditional SIEM market. By combining its data lakehouse with Panther's security operations platform and Antimatter's AI governance tools, Databricks is betting that the future of security isn't a standalone product — it's an integrated layer within the data platform itself.

**The IPO Shadow**

All of this acquisition activity comes as Databricks reportedly considers a new funding round that could push its valuation to $165-175 billion. The company has been private for 13 years, repeatedly delaying an IPO in favor of raising private capital and facilitating secondary share sales. Ghodsi has told investors the company remains on track for a public listing, potentially as early as 2027.

The timing of the Panther acquisition — coming alongside a potential new funding round — suggests Databricks is building out its product portfolio and revenue base before going public. A broader platform that combines data engineering, AI, and security under one roof is a more compelling IPO story than a pure data play.

**What This Means For You**

If you work in enterprise IT or security, expect your Databricks rep to start leading with security conversations. The company is clearly positioning itself as a one-stop shop for data, AI, and security — and that means existing Databricks customers will see increasing pressure to adopt Lakewatch and the Panther-powered security features. Evaluate whether the integrated approach genuinely simplifies your stack or just creates another vendor lock-in.

If you're a security startup, the message is clear: the window for standalone SIEM and detection tools is closing fast. Either you get acquired (congratulations, Panther) or you get outcompeted by platforms that bundle security with data and AI. The next 18 months will determine which category you fall into.

For investors, Databricks' acquisition strategy is worth watching closely. Three security acquisitions in 15 months is aggressive by any standard. If the integrated product delivers — if Lakewatch plus Panther actually reduces enterprise security costs — the company's eventual IPO could be one of the biggest tech listings in history. If it doesn't, the company will have spent billions building a security moat that enterprises may not want to swim through.