The rising prevalence of AI tools in the past few years, and the more recent development of agentic AI, have not only been applied to personal and enterprise purposes, but also significantly shifted the threat landscape. Attackers using tactics and technology powered by AI can now probe cloud, software-as-a-service (SaaS), and AI systems for vulnerabilities at machine speed, enabling them to launch massive volumes of attacks with far less human input than ever before.
Legacy security information and event management (SIEM) tools depend upon manual data ingestion, hand-written detection rules, and human-paced alert review, rendering them ineffective against sophisticated AI-enhanced attacks. Most organizations only actually analyze a fraction of their security data, creating systemic blind spots that are open to threats from both within and without.
Why the Old Model Can't Hold
The ongoing evolution of the digital landscape, emerging technologies, and threat tactics has led to an environment where traditional security measures are no longer able to defend modern organizations. High costs and rigid architecture push security teams to limit the amount of data that is even collected, let alone addressed. Detection backlogs continue to grow faster than human analyst teams can possibly investigate them.
With the compounding difficulties of technology and threats outpacing human capabilities to defend organizations, it is more important than ever to reassess and update approaches to security. Databricks co‑founder and CEO Ali Ghodsi underlines that alert-and-log workflows are “dead” in the AI era. This is why, in an effort to build better security offerings in the age of AI, DataBricks has made the move to acquire leading AI SOC platform Panther.
The Deal That Almost Didn't Happen
This acquisition has been several years in the making, as Ghodsi states he first pitched the deal to Panther CEO Jack Naglieri in 2021, but was turned down at the time. Ghodsi believes that this was a prudent decision, and the growth of Panther in the intervening time has proven it. After a $120 million Series B round in 2021, the company continued to build independently in the years since, leading its valuation to climb to $1.4 billion as the threat landscape shifted in its favor.
At the same time, DataBricks has ascended to a $134 billion valuation, making it one of the most highly valued private companies. This ongoing success and expansion to a globally leading company finally pushed Naglieri to accept the offer of acquisition, five years after it was originally proposed.
What Databricks Is Actually Buying
DataBricks is acquiring over one hundred pre-built integrations across cloud, identity, endpoint, and SaaS data sources from this acquisition. Panther’s detection-as-code workflows that enable security teams to treat threat-hunting like software engineering. The company also offers agentic SOC capabilities that are designed to triage, investigate, and propose responses with minimal human involvement.
Proof Under Fire: The Anthropic Test Case
Panther’s offerings are not just hypothetical but are backed up by industry leaders placing trust in the platform to protect their operations. Part of what makes the deal a good bet for DataBricks is the fact that Anthropic already runs Panther to defend its own AI-native infrastructure. This endorsement and trust from a leading AI company signal that Panther’s approach works even in environments facing the most sophisticated AI-era threats.
A frontier AI lab vouching for an AI-defense tool sharpens the framing of the deal as an attempt to “fight fire with fire,” as Ghodsi says. Human teams are not capable of keeping up with the operations of AI-heavy operations and fighting against AI-enhanced threats; it is crucial to leverage AI-powered tools to defend modern enterprises.
Building a Security Empire Inside the Lakehouse
This acquisition is not an event that stands alone; Panther is the third such move by DataBricks this year, following the March announcement of the dual acquisition of specialized startups Antimatter and SiftD.ai. Taken together, these actions help DataBricks to assemble a full stack intended to challenge industry giants like CrowdStrike and Splunk. The timing of the acquisition coincides with a potential new round of funding and a long-delayed push toward IPO.
This series of moves by DataBricks to build toward an AI-ready defense stack is part of a push toward an “Open Security Lakehouse Ecosystem,” as exemplified by the company’s agentic Lakewatch SIEM. “Databricks, which has the trust of 70% of the Fortune 500 in data and AI, is doubling down on Lakewatch and our security lakehouse vision,” says Ghodsi. “With Panther, we enhance and expand our ability to analyze all data and automate SOC workflows.”
What Happens When the SOC Runs Itself
This deal must first pass customary regulatory clearance before it can officially close. With the intention to acquire Panther, DataBricks is betting its security future on agents replacing, rather than simply assisting, human analysts. The acquisition and similar developments across the industry leave the question open regarding what will come of the humans who currently run the SOC if defenses become fully automated.