
Databricks launched Lakewatch on March 24, 2026, and the pitch is blunt: your SIEM is a money pit that throws away 75% of your security data because you cannot afford to keep it. Lakewatch is an agentic SIEM built on the Data Lakehouse that charges by compute, not by data volume, and deploys AI agents powered by Anthropic Claude to triage, investigate, and recommend containment across petabytes of telemetry. Adobe and Dropbox are already using it. CEO Ali Ghodsi told CNBC that “this will be the year we see AI killing the SIEM,” and with a $134 billion valuation and a likely IPO ahead, he clearly means it.

This is not a side project. Databricks acquired two security startups on the same day: Antimatter (provably secure AI agent authentication from UC Berkeley researchers) and SiftD.ai (founded by the creator of Splunk’s Search Processing Language). When you buy the person who built your competitor’s core technology, you are not experimenting.


How Lakewatch’s AI Agents Actually Work

Traditional SIEMs send you alerts. Lakewatch sends you agents. The system uses what Databricks calls “Agent Bricks,” autonomous AI agents powered by Anthropic’s Claude models that follow a five-stage reasoning loop:

Perception and triage. Agents pull signals from identity systems, endpoints, network traffic, and cloud telemetry simultaneously. Instead of an analyst manually correlating logs across Okta, CrowdStrike, and AWS CloudTrail, the agent synthesizes everything in unified context. Arctic Wolf, one of the launch partners, already processes 8 trillion security events per week on Databricks infrastructure.

Planning. The agent breaks an investigation into subtasks and sequences the right tools without human direction. If it sees a suspicious login from an unusual location, it does not just flag it. It checks whether the user’s credentials were in a recent breach dump, whether the IP matches known threat intelligence, and whether any lateral movement followed.

Execution. Agents run SQL queries, API calls, and scripts in sandboxed environments governed by Antimatter’s security controls. This is where the Antimatter acquisition pays off: the framework prevents prompt injection attacks and enforces boundaries on what credentials the agent can access.

Adaptation. If the initial hypothesis does not hold, the agent pivots. It re-evaluates results and adjusts the investigation path based on evidence, not static rules.

Resolution. The agent drafts containment actions and surfaces its full reasoning chain for human review. Critically, agents do not auto-remediate. A human must approve any containment action. Ghodsi’s reasoning: when mean time to exploit has dropped from 23 days in 2025 to 1.6 days in 2026, agents need to be fast, but the consequences of a wrong automated response are too severe to remove human judgment entirely.

Detection-as-Code: Security Rules in Git, Not GUIs

Lakewatch treats detection rules like software. Rules are defined in YAML or Python notebooks, stored in Git repositories, and deployed through CI/CD pipelines. This is what security engineers have wanted for years: version-controlled detections, code review for rule changes, and automated testing before deployment. Databricks calls this “Detection-as-Code,” and it is the clearest signal that Lakewatch was built for engineering teams, not for analysts clicking through dashboards.

The system also includes Genie AI, which can auto-generate detection scripts from threat intelligence feeds, translate natural language queries into SQL against multi-year historical data, and modify existing rules to reduce false positives. In practice, this means a security engineer can describe a detection pattern in plain English, and the system produces a tested, deployable rule.
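An added illustration of the Detection-as-Code idea, not code from Databricks or Lakewatch: a detection rule for the "successful login from a country this user has never used" pattern described above, kept as data beside its own test, with a gate that refuses deployment when the test fails. The OCSF-style event fields, the rule keys and the `evaluate`/`run_rule_tests` functions are assumptions for the example, not Lakewatch's real schema.

```python
# Added example of detection-as-code: the rule is data (the same dict could be
# committed as YAML), its expected behaviour is a test committed next to it, and
# the CI gate refuses to deploy a rule whose test fails.
# Event and rule shapes are assumptions, not Lakewatch's real schema.
from collections import defaultdict

# Constructed OCSF-style Authentication events (class_uid 3002):
# status_id 1 = success, 2 = failure. Users and countries are sample data.
EVENTS = [
    {"class_uid": 3002, "time": 1, "user": "alice", "country": "US", "status_id": 1},
    {"class_uid": 3002, "time": 2, "user": "alice", "country": "US", "status_id": 1},
    {"class_uid": 3002, "time": 3, "user": "bob",   "country": "DE", "status_id": 2},
    {"class_uid": 3002, "time": 4, "user": "bob",   "country": "DE", "status_id": 2},
    {"class_uid": 3002, "time": 5, "user": "bob",   "country": "DE", "status_id": 1},
    {"class_uid": 3002, "time": 6, "user": "alice", "country": "BR", "status_id": 1},
]

# Rule as data (hypothetical keys): version-controlled, reviewable, testable.
RULE = {
    "id": "auth-login-from-new-country",
    "class_uid": 3002,
    "baseline_min_logins": 2,   # prior successes needed before a country is "new"
    "severity": "medium",
}

def evaluate(rule, events):
    """Flag a successful login from a country the user has never succeeded from,
    once that user already has at least `baseline_min_logins` earlier successes."""
    seen = defaultdict(set)      # user -> countries with a prior successful login
    successes = defaultdict(int)  # user -> count of prior successful logins
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["class_uid"] != rule["class_uid"] or ev["status_id"] != 1:
            continue  # only successful events of the rule's OCSF class matter
        user, country = ev["user"], ev["country"]
        if successes[user] >= rule["baseline_min_logins"] and country not in seen[user]:
            hits.append({"rule": rule["id"], "user": user,
                         "country": country, "time": ev["time"]})
        seen[user].add(country)
        successes[user] += 1
    return hits

def run_rule_tests(rule):
    """CI gate: the rule ships only if its true-positive and true-negative cases pass.
    alice's BR login must fire; bob (below the baseline) must not."""
    expected = [{"rule": rule["id"], "user": "alice", "country": "BR", "time": 6}]
    return evaluate(rule, EVENTS) == expected
```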


The Economics: Why Databricks Claims 80% Lower TCO

The SIEM market has a dirty economics problem. Splunk, which holds roughly 47% market share and is now owned by Cisco, charges per gigabyte of data ingested. Microsoft Sentinel charges per gigabyte analyzed. At scale, these costs become punishing. Organizations running 35TB of daily security telemetry with a year of retention spend tens of millions annually on traditional cloud SIEMs, according to Databricks’ own analysis.

The result? Most SOC teams discard up to 75% of their security telemetry just to manage costs. They keep 30 to 90 days of hot data and throw away the rest. That means any threat that moves slowly, any attack that spans months, any insider threat that builds over time is invisible. You deleted the evidence before you knew you needed it.

Lakewatch flips the pricing model. Data lands in the customer’s own cloud object storage in open formats (Delta Lake, Apache Iceberg, and OCSF). Storage costs are commodity cloud rates. Compute costs accrue only when you run queries or trigger agents. Databricks claims this enables a 250% increase in data volume and 4x the retention period at the same total cost as a traditional SIEM.

Open Formats, but Read the Fine Print

Lakewatch uses open data standards, and that matters. Logs from any source are mapped to OCSF (Open Cybersecurity Schema Framework) automatically, enabling cross-source correlation without proprietary indexing. Unity Catalog governs access control and data lineage from ingestion through analysis.

But “open formats” and “open architecture” are different things. As one analyst noted, while you own your data in open formats, the operational tooling, workflows, and detection pipelines remain proprietary to Databricks. Data portability does not guarantee operational portability. If you build 500 detection rules and 50 agent workflows in Lakewatch, switching to a competitor means rebuilding all of that from scratch.

The Acquisitions: Antimatter and SiftD.ai

Databricks announced both acquisitions alongside the Lakewatch launch. Terms were not disclosed, but the strategic logic is clear.

Antimatter was founded by Andrew Krioukov and other UC Berkeley security researchers. The startup raised $12 million in 2022 from New Enterprise Associates and built a data security platform using secure enclaves (processor-level encryption) to protect stored data. For Lakewatch, Antimatter’s core contribution is provably secure authentication and authorization for AI agents: preventing prompt injection, enforcing credential boundaries, and ensuring agents cannot escalate their own privileges. This directly addresses the OWASP Top 10 for Agentic Applications, particularly risks around excessive agency and insecure tool use.

SiftD.ai brings a different kind of credibility. Its founder created Splunk’s Search Processing Language (SPL), the query language that powers the most widely deployed SIEM on the planet. SiftD.ai launched its product in November 2025: an interactive notebook where humans and AI agents collaborate on detection engineering. Hiring the person who built Splunk’s brain is a pointed statement about where Databricks thinks the SIEM market is heading.


Who Lakewatch Competes With (and Who It Partners With)

The SIEM market is a $7 billion segment inside a broader security analytics market that is growing at 14% annually. Lakewatch enters against entrenched players, but with a fundamentally different architecture.

Splunk (Cisco). The incumbent with 2,400+ marketplace integrations and deep enterprise relationships built over a decade. Splunk’s moat is its ecosystem, not its technology. But Cisco’s acquisition has created market uncertainty, and Splunk’s per-GB pricing model is increasingly painful at the data volumes modern SOCs generate.

Microsoft Sentinel. Strong Azure-native integration and mature AI capabilities through Copilot for Security. The weakness: economic advantages diminish sharply outside Azure environments, and third-party data ingestion costs remain high.

Palo Alto XSIAM. Benefits from Palo Alto’s endpoint data and uses AI to group alerts into prioritized cases. Ironically, Palo Alto Networks is also a Lakewatch launch partner, suggesting even competitors see value in the open lakehouse approach for data storage.

Lakewatch’s bet. Databricks has 20,000+ organizations on its platform and serves 60%+ of the Fortune 500. The theory is that security teams already using Databricks for analytics will adopt Lakewatch because their data is already there. No migration, no new vendor relationship, just a new workload on existing infrastructure.

The launch partner list includes Anvilogic, Arctic Wolf, Cribl, Okta, Wiz, Zscaler, and Proofpoint. One notable absence: CrowdStrike. Whether that is a competitive signal or a timing issue, analysts are watching.

What Could Go Wrong

Lakewatch is in Private Preview, not generally available. Enterprise security products live or die on trust built over years of incident response, and Databricks has zero track record here. Adobe and Dropbox are impressive logos, but a handful of design partners is not the same as battle-tested production deployments.

The SIEM replacement cycle is brutally slow. Ripping out Splunk means migrating thousands of detection rules, retraining analysts on new query languages, and rebuilding integrations with every security tool in the stack. Even if Lakewatch is technically superior, the switching cost may keep many organizations on their current platform for years.

There is also the question of agentic trust. Lakewatch’s agents do not auto-remediate, which is prudent. But as attack speeds accelerate (1.6 days from exploit to breach), organizations will eventually demand fully autonomous response. When that day comes, the security implications of a misconfigured AI agent taking containment actions at machine speed are severe. The OWASP agentic security risks around excessive agency and insecure output handling apply directly.

Larry Dignan of Constellation Research framed it well: “Simply put, the companies that manage your data are entering the market to secure it too.” Whether that is a natural evolution or a dangerous distraction from Databricks’ core business is the $134 billion question.


Frequently Asked Questions

What is Databricks Lakewatch?

Databricks Lakewatch is an open agentic SIEM launched in March 2026. Built on the Data Lakehouse architecture, it uses AI agents powered by Anthropic Claude to automate threat detection, investigation, and response across petabytes of security telemetry. It charges by compute rather than data volume, claiming up to 80% lower total cost of ownership compared to traditional SIEMs like Splunk.

How does Lakewatch use AI agents for threat detection?

Lakewatch deploys autonomous AI agents through its Agent Bricks framework. These agents follow a five-stage reasoning loop: perceiving and triaging alerts across multiple data sources, planning investigation steps, executing queries and API calls in sandboxed environments, adapting their approach based on evidence, and drafting resolution actions for human approval. The agents are powered by Anthropic’s Claude models and governed by Antimatter’s security controls to prevent prompt injection and credential abuse.

How does Databricks Lakewatch compare to Splunk?

Lakewatch differs from Splunk in three key ways: pricing (compute-based vs. per-GB ingestion), architecture (open data formats in customer-owned storage vs. proprietary indexing), and automation (agentic AI investigation vs. rule-based alerting). Splunk’s advantages include 2,400+ marketplace integrations, a decade of enterprise trust, and deep incident response expertise. Databricks notably acquired SiftD.ai, whose founder created Splunk’s Search Processing Language.

Is Databricks Lakewatch generally available?

As of March 2026, Lakewatch is in Private Preview. Adobe, Dropbox, and National Australia Bank are among the early design partners. General availability has not been announced yet. Databricks serves over 20,000 organizations and 60% of the Fortune 500, giving it a large existing customer base to convert.

What LLM powers Databricks Lakewatch?

Lakewatch’s AI agents are powered by Anthropic’s Claude models. The partnership is bilateral: Anthropic itself uses Databricks as its own security lakehouse. The Claude models handle cross-signal correlation, investigation planning, natural language querying of historical data, and automated detection rule generation.