Databricks just made its third cybersecurity acquisition. This time, it’s buying Panther Labs, a startup built to automate threat detection and response with AI.

At $134 billion, Databricks is no small player. It’s doubling down on what it calls the “security lakehouse” — a platform that unifies security data and uses AI agents to triage alerts and investigate threats without human bottlenecks.

AI has flipped the game. Attackers now deploy AI agents to find and exploit vulnerabilities faster than humans can react. Databricks CEO Ali Ghodsi put it bluntly: “If they attack you with agents, you have to defend with agents.” The old manual ways of handling security alerts are obsolete.

Panther fits perfectly into this vision. It aggregates security data from over 100 sources, from cloud infrastructure to SaaS apps, all ready for AI-powered analysis. Its detection-as-code approach lets security teams write flexible, automated rules that evolve with emerging threats.

Panther’s roots trace back to StreamAlert, an open-source project once housed at Airbnb. It’s now a cloud-native AI SOC (Security Operations Center) platform, prized by customers like Anthropic for protecting AI-first environments. This focus on AI-native security is crucial as enterprises rush to secure their growing swarm of AI agents.

Databricks unveiled its own security lakehouse product, Lakewatch, earlier this year. It centralizes security, IT, and business data in a governed environment that scales to massive volumes of unstructured data. Adding Panther accelerates this roadmap, embedding AI agents directly into SOC workflows to automate alert triage, context gathering, and response.

The deal is also a strategic bet against legacy SIEM platforms like Splunk and CrowdStrike. Databricks sees these incumbents as stuck with high costs, incomplete data, and manual, slow workflows. Panther’s cloud-native, agentic model is designed to disrupt that market by offering faster, broader threat detection and lower costs.

Ali Ghodsi admits he pitched Panther’s founder Jack Naglieri back in 2021. Naglieri declined then, aiming to build independently. Panther’s valuation has since climbed to $1.4 billion, validating that decision. Now, with Databricks’ own valuation surging and an IPO looming, the timing finally worked out.

The acquisition strengthens Databricks’ security team, following earlier buys of Antimatter and SiftD.ai. Together, these moves position Databricks as a serious contender in AI-powered cybersecurity, offering enterprises a platform designed for the AI arms race.

Databricks declined to disclose the deal price. The acquisition still awaits regulatory approval. But the message is clear: defending against AI-driven attacks requires AI-driven defense. Databricks aims to be the platform powering that fight.