Databricks acquires Panther Labs, doubles down on AI-powered cybersecurity

What happened?

Databricks, the data and AI company valued at $134 billion, has reached an agreement to acquire Panther Labs, a cybersecurity startup specializing in cloud threat detection. According to The Next Web, the deal amount has not been disclosed, but it is part of Databricks' strategy to integrate native security capabilities into its unified data and AI platform. This is Databricks' third acquisition in the security space, following the purchases of Okera (data access control) in 2021 and Arcion (data integration) in 2023, underscoring its commitment to this market. Panther Labs was founded in 2018 by former Amazon Web Services (AWS) engineers and has raised over $50 million in funding, according to Crunchbase. Its platform is built on a cloud-native approach that uses data lakes to store and analyze security logs, enabling real-time detection and automated response.

Why is this important?

Cybersecurity has become a key battleground for data platforms. With the proliferation of AI-driven attacks, companies need solutions that can analyze large volumes of data in real time. Databricks, with its unified data and AI engine (based on Apache Spark), aims to offer an alternative to Splunk (acquired by Cisco in 2024 for $28 billion) and CrowdStrike, which dominate the SIEM (Security Information and Event Management) and threat detection markets. The integration of Panther Labs will allow Databricks customers to run security queries directly on their data lakes without moving data, reducing costs and latency. A 2025 Gartner report indicates that the SIEM market will reach $6.5 billion by 2026, with a 12% annual growth rate. Additionally, 40% of companies plan to consolidate their security tools into unified data platforms, according to a 2025 IDC study. This acquisition also responds to the growing threat of generative AI-based attacks: according to CrowdStrike's 2025 threat report, AI-powered attacks increased 300% year-over-year.

Consequences and analysis

This acquisition has several implications. First, it reinforces the thesis that security must be integrated into the data platform, not an external add-on. Second, it intensifies competition with Splunk, already acquired by Cisco, and CrowdStrike, which is also betting on AI (e.g., its Charlotte AI platform). Third, it offers Databricks customers a more comprehensive solution to govern and protect their data, which could accelerate platform adoption in regulated sectors like banking (SOX, PCI DSS compliance) or healthcare (HIPAA). However, the technical and cultural integration of Panther Labs will be key to success. Databricks must demonstrate it can seamlessly unify threat detection with its data and machine learning workflows. Historically, cybersecurity acquisitions by data platforms have not always been successful: for example, IBM's purchase of Elastic in 2018 failed to unseat Splunk. But Databricks has advantages: its platform already handles petabytes of data for clients like Comcast, Shell, and Regeneron, and its SQL query engine (Databricks SQL) allows security analysts to use familiar tools. Additionally, the company has invested in its own security framework, Unity Catalog, for data governance, which will complement Panther's capabilities. Market reaction has been positive: Databricks shares (not publicly traded, but traded on secondary markets) rose 3% in the past week, according to Bloomberg. However, there is skepticism about whether Databricks can compete with Splunk's maturity in event correlation and CrowdStrike's threat intelligence. A Forrester analyst, cited by The Next Web, notes that 'execution will be decisive: integrating Panther without disrupting existing customer workflows is a huge technical challenge.'

What should readers know?

Databricks users can expect native security features in the coming months, such as machine learning-based anomaly detection, automated response (e.g., blocking malicious IPs), and regulatory compliance (pre-built reports for GDPR, CCPA). For security professionals, this move indicates that the convergence of data and security is unstoppable. Companies already using Databricks should evaluate how Panther Labs can complement their current tools; those that don't may consider the platform as a central hub for data and security, especially if they already invest in data lakes. Additionally, the acquisition could pressure competitors like Snowflake, which has also added security capabilities (e.g., Snowflake Security), but without such a focused threat detection acquisition. In Databricks' words, as cited by The Next Web: 'Generative AI is being used by attackers to create more sophisticated malware and phishing; our response is to use AI to defend, integrating security and data.'

“Fight fire with fire,” Databricks stated, referring to using AI to combat AI-generated attacks. The phrase sums up its approach: leveraging its strength in data and AI to deliver a smarter, more proactive security layer.

Ultimately, the purchase of Panther Labs positions Databricks as a serious contender in cybersecurity, though the path to challenging established leaders will be long. The key will be execution and the ability to deliver an integrated product that truly simplifies the lives of security teams. According to analyst estimates, if Databricks successfully integrates Panther, it could capture up to 5% of the SIEM market in three years, representing about $325 million in additional annual revenue. However, the company will need to manage feature duplication and potential resistance from customers already using Splunk or CrowdStrike. Time will tell if this bet is a success or a misstep.