Databricks Announces Lakewatch: New Open, Agentic SIEM

Source: Databricks · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Data Science & Analytics · Depth: Intermediate, medium

Summary

Databricks has announced Lakewatch, an open, agentic Security Information and Event Management (SIEM) platform designed to combat AI-driven cyberattacks. Lakewatch unifies security, IT, and business data within a single, governed lakehouse environment, leveraging open formats to ingest and analyze vast volumes of multi-modal data. This approach aims to reduce costs, eliminate vendor lock-in, and provide complete enterprise visibility, enabling security teams to deploy defensive AI agents for automated threat detection and response at scale. The platform is launching in Private Preview with initial customers including Adobe and Dropbox. Databricks is also establishing an "Open Security Lakehouse Ecosystem" with partners like Anvilogic, Arctic Wolf, and Deloitte, and has acquired Antimatter and SiftD.ai to enhance its agentic SIEM capabilities.

Key takeaway

For VPs of Engineering or Data grappling with escalating AI-driven threats and the limitations of traditional SIEMs, Lakewatch offers a compelling architectural shift. You should evaluate its open lakehouse approach to consolidate security and business data, potentially slashing costs and enabling machine-speed threat detection and response. Consider participating in the Private Preview to assess its fit for your organization's petabyte-scale security operations and long-term data retention needs.

Key insights

Databricks' Lakewatch offers an open, agentic SIEM built on a lakehouse architecture to counter AI-driven cyberattacks.

Method

Lakewatch ingests and normalizes security telemetry into open formats (OCSF) on a lakehouse, enabling AI-powered agents (Genie) for detection, response, and natural language querying across all enterprise data.

Best for: VP of Engineering/Data, Executive, Security Engineer, AI Security Engineer, CTO

Editorial summary, takeaway, and curation by AIssential. Original article published by Databricks.