2 Sources
[1]
Databricks bought two startups to underpin its new AI security product
With an overflowing war chest from its $5 billion raise that closed last month (not to mention billions in revenue), Databricks is acquiring. The company, best known for its cloud data analytics platform, announced on Tuesday that it was launching a new security product called Lakewatch. Lakewatch takes Databricks' ability to store massive amounts of data and performs classic Security Information and Event Management (SIEM) tasks, like detecting and investigating threats. Only it does so with the help of AI agents powered by Anthropic's Claude.

Databricks bought two startups to underpin this new product: Antimatter, in an undisclosed-until-now deal that closed last year, and SiftD.ai, in a deal that flew together over the last couple of weeks and closed on Monday, the company told TechCrunch. Terms were not disclosed for either deal.

Antimatter, founded by security researcher Andrew Krioukov, raised $12 million led by New Enterprise Associates in 2022, according to Pitchbook estimates. If tiny SiftD.ai had raised money, Pitchbook wasn't aware. SiftD.ai was so young, it had only launched its product in November: an interactive notebook (like a Jupyter notebook) intended to be a tool where people and agents worked together.

The Databricks team knew the startup's co-founder CEO Steve Zhang from his many years as chief scientist at Splunk (through 2021). He created the Search Processing Language while there. (His LinkedIn also says he was CTO of Astronomer, of the Coldplay CEO scandal, but left there in 2023 before founding SiftD.)

Both of these acquisitions were of small startups -- only a few people in SiftD's case and less than 50 for Antimatter, according to LinkedIn. SiftD appears to be an acquihire. With Antimatter, Databricks probably gained some IP, too. Krioukov had demonstrated Antimatter's tech on stage in 2024 at RSA's Innovation Sandbox Contest.
Antimatter was working on a "data control plane" tool that allowed enterprises to deploy agents securely, while protecting sensitive data. While Databricks declined to say how many employees it acquired, it confirmed that the startups' employees did join the company. Krioukov, who's been at Databricks for months now, is leading the Lakewatch team.

We asked Databricks if it was going to keep shopping for startups and a spokesperson essentially said, yes, that it continuously has its feelers out. "We're always looking to what's next -- our goal is to stay ahead of the market and close gaps in what our customers need," the spokesperson said.
[2]
Databricks Expands Into Cybersecurity Arena With New Lakewatch Offering
Databricks is applying its AI and data platform -- and disclosing two acquisitions -- as it brings an agentic approach to traditional SIEM cybersecurity.

Databricks is expanding into the cybersecurity space, launching Tuesday a new agentic SIEM product that taps into the data management and AI capabilities of the company's core Data Intelligence Platform to provide threat detection and investigation capabilities. Databricks says its new Lakewatch offering is designed to help organizations defend against increasingly sophisticated attackers using AI and agents that reduce the time security teams have to detect and respond to attacks.

"Security is really a data problem, at the core of it," said Andrew Krioukov, general manager of Lakewatch, in an interview with CRN. "Our strengths are data and AI. We see this as the evolution of SIEM."

Krioukov noted that prior to this product launch, some customers were already running security workloads on the Databricks platform, loading security logs and other security data into Databricks, "because it was the best place for doing threat analytics," and "outperformed existing tools," Krioukov said.

Lakewatch, currently in private preview, unifies security, IT and business data into a single, governed environment for AI detection and response, according to the Databricks announcement. It enables organizations to ingest, retain and analyze huge volumes of multi-modal data that provides security teams with complete visibility across an enterprise. With Lakewatch security operations teams also can deploy security agents to automate threat detection and response "at massive scale," according to the company.

Databricks' move into SIEM (security information and event management) stems from the company's previously undisclosed acquisition in May 2025 of Antimatter, a startup developing technology for secure authentication and authorization of AI agents.
Krioukov, who was co-founder and CEO of Antimatter, said that company's technology was originally built on the Databricks platform and provided the foundation for Lakewatch. "We were real partners before we were acquired," he said. "But certainly, Lakewatch has grown to be much, much more than what we had nine months ago. And I'd say in record time too," Krioukov said, pointing to the product itself, Databricks' broader vision, and the Antimatter team that tripled in size within Databricks post-acquisition to develop Lakewatch.

Databricks announced that it also acquired SiftD.ai, founded by the creator of Splunk's Search Processing Language (SPL), a move that's expected to bring "deep expertise" in large-scale detection engineering and modern threat analytics, Databricks said. Krioukov said the SiftD.ai personnel have joined his team.

The Core Concepts Behind Lakewatch

Lakewatch is designed around three pillars, according to Krioukov, the first being that security teams need to be able to see all of an organization's data in open formats, including unstructured data such as text, audio and images that he said traditional SIEM tools struggle to work with.

Second is the need to leverage agentic AI to automate manual security practices that are too slow and cumbersome for today's increased pace of cyberattacks. Using Lakewatch and Databricks' Agent Bricks tools for building production agents, customers can build, optimize and deploy custom security agents. Lakewatch is also integrated with Databricks' Genie AI assistant to automate security processes such as alert triage.

"The attackers are moving faster and faster and so the time to respond is dropping," Krioukov said. "We're applying AI to help the teams that are tasked with defending a company, to help automate their workflows, help them do their jobs faster, so that they can spot threats sooner and react to those threats faster."
And the third pillar, openness and flexibility, is based on the ability of the Databricks platform to work with data from a broad range of sources and connect to IT systems from the large number of companies within Databricks' technology partner ecosystem.

Databricks debuted Lakewatch at this week's RSAC 2026 conference in San Francisco where Databricks co-founder and CEO Ali Ghodsi was a keynote speaker and, in his presentation, focused on how much AI has replaced traditional SIEM.

Krioukov said that given the importance of data and AI within the realm of cybersecurity, Lakewatch is not just a side product for Databricks. "Databricks and Ali [Ghodsi] and the board have decided that this is a major investment area...and that's what spurred all this, both the acquisitions and the growth of the team," he said, calling the RSAC event the "big coming out party" for the company's entrance into the cybersecurity space.

Krioukov said Lakewatch provides opportunities for the company's channel partners around new security use cases such as leveraging business data for fraud detection.
Databricks launched Lakewatch, a new AI security product that transforms traditional SIEM capabilities using AI agents powered by Anthropic's Claude. The move into cybersecurity follows two strategic acquisitions: Antimatter, acquired in May 2025, and SiftD.ai, which closed just days ago. With $5 billion in fresh funding, Databricks aims to help security teams respond faster to increasingly sophisticated cyber threats.
Databricks announced Tuesday its formal entry into the cybersecurity market with Lakewatch, an agentic SIEM product that leverages the company's data platform and AI capabilities to detect and investigate threats [1]. The AI security product, currently in private preview, represents a major strategic investment for the cloud data analytics company, which closed a $5 billion funding round last month [1]. Unlike traditional SIEM tools, Lakewatch uses AI agents powered by Anthropic's Claude to automate threat detection and investigation at massive scale [1].
Andrew Krioukov, general manager of Lakewatch, emphasized that "security is really a data problem, at the core of it," positioning Databricks' strengths in data and AI as the natural evolution of SIEM [2]. Prior to this launch, some customers were already running security workloads on the Databricks platform, loading security logs because it outperformed existing tools for threat analytics [2].

The launch of Lakewatch follows two strategic Databricks acquisitions that provide the technological foundation for the new product. The company acquired Antimatter in an undisclosed deal that closed in May 2025, bringing aboard security researcher Andrew Krioukov and his team [1]. Antimatter, which had raised $12 million led by New Enterprise Associates in 2022, was developing a data control plane tool that allowed enterprises to deploy AI agents securely while protecting sensitive data [1].

Krioukov, who co-founded and led Antimatter, explained that his company's technology was originally built on the Databricks platform and provided the foundation for Lakewatch. "We were real partners before we were acquired," he noted, adding that the Antimatter team tripled in size within Databricks post-acquisition to develop the new offering in record time [2].

In a second acquisition that closed just Monday, Databricks bought SiftD.ai in a deal that came together over the last couple of weeks [1]. The startup, founded by Steve Zhang, creator of Splunk's Search Processing Language, brings deep expertise in detection engineering and modern threat analytics [2]. SiftD.ai had only launched its product in November, an interactive notebook designed for human-agent collaboration [1].

Lakewatch is designed around three core pillars that address limitations in traditional cybersecurity tools. First, it unifies security, IT and business data into a single governed environment, enabling organizations to ingest and analyze huge volumes of multi-modal data including unstructured formats like text, audio and images that traditional SIEM tools struggle to process [2]. This provides security teams with complete visibility across an enterprise.

The second pillar focuses on automating security practices through AI-driven security solutions. "The attackers are moving faster and faster and so the time to respond is dropping," Krioukov explained. "We're applying AI to help the teams that are tasked with defending a company, to help automate their workflows, help them do their jobs faster, so that they can spot threats sooner and react to those threats faster" [2]. Using Databricks' Agent Bricks tools, customers can build and deploy custom security agents, while integration with Databricks' Genie AI assistant automates processes like alert triage [2].

The third pillar emphasizes openness and flexibility, leveraging Databricks' ability to work with data from broad sources and connect to IT systems across its extensive technology partner ecosystem [2].
Databricks debuted Lakewatch at RSAC 2026 in San Francisco, where co-founder and CEO Ali Ghodsi delivered a keynote focused on how AI has replaced traditional SIEM approaches [2]. Krioukov emphasized that given the importance of data and AI within cybersecurity, Lakewatch is not just a side product but represents a major investment area backed by Ghodsi and the board [2].

The company signaled its intention to continue pursuing acquisitions, with a spokesperson stating that Databricks continuously has its feelers out. "We're always looking to what's next -- our goal is to stay ahead of the market and close gaps in what our customers need," the spokesperson said [1]. For channel partners, Lakewatch opens opportunities around new security use cases such as leveraging business data for fraud detection [2].

Summarized by Navi