Databricks' Lakewatch security product arrived Tuesday, backed by a $5 billion war chest from a fundraise that closed last month and by two acquisitions the company had not fully disclosed until now. One deal was months old. The other closed the day before the announcement. Neither came with a price tag.
That is how you build a product launch when you have the balance sheet to move fast and the competitive pressure to move faster. The enterprise security market has been consolidating for two years. Databricks, best known for its cloud data analytics platform, just planted a flag in it.
What the Databricks Lakewatch Security Product Actually Does
The Databricks Lakewatch security product sits inside Databricks’ existing data infrastructure and runs Security Information and Event Management (SIEM) functions: detecting threats, investigating incidents, correlating signals across an enterprise environment. SIEM is not a new category. It is, however, a large and sticky one, dominated by vendors whose underlying architecture predates the AI era. Databricks is betting that a platform built natively on large-scale data storage, with Anthropic’s Claude powering the AI agent layer, can do the job better than incumbents who have been bolting AI onto legacy systems.
The pitch is coherent. Whether enterprise security buyers agree is a separate question, and those buyers move slowly.
To get Lakewatch built, Databricks acquired two startups. The first was Antimatter, founded by security researcher Andrew Krioukov. That deal closed last year and was not disclosed at the time. Antimatter had raised $12 million, led by New Enterprise Associates, and was working on what it called a data control plane: a tool allowing enterprises to deploy AI agents securely while protecting sensitive data. Krioukov demonstrated the technology at RSA’s Innovation Sandbox Contest in 2024. He has been at Databricks for months and is now leading the Lakewatch team.
The Databricks Lakewatch Security Acquisition That Came Together in Days
The second acquisition, SiftD.ai, is a different kind of deal entirely. It came together over a couple of weeks and closed the day before the announcement. That timeline is not normal M&A. That is a talent grab with paperwork.
SiftD.ai had only launched its product in November: an interactive notebook designed for humans and AI agents to work together on data analysis tasks. The company was so early that PitchBook had no record of it raising outside capital. Headcount, per LinkedIn, was a handful of people. By any conventional measure, SiftD.ai was a pre-revenue acqui-hire. What Databricks was buying was its co-founder and CEO, Steve Zhang, who spent years as chief scientist at Splunk and created its Search Processing Language. That credential matters enormously in a product built to compete with Splunk’s core use cases.
The Databricks Lakewatch security team now has the person who literally wrote the language that Splunk’s search engine runs on. That is the acquisition. The startup was the vehicle.
The Databricks Lakewatch Security Launch and What Comes Next
Databricks closed a $5 billion fundraise last month. With that kind of capital on hand, alongside the revenue base the company has built, the two acquisitions behind Lakewatch represent a rounding error on the balance sheet. Antimatter’s $12 million raise sets a rough ceiling on what Databricks paid for it, though acqui-hire premiums vary and IP deals often close above the last round. SiftD’s undisclosed terms almost certainly reflect the company’s pre-revenue status: acqui-hire economics, not strategic acquisition pricing.
Both deals together probably cost less than the engineering hours Databricks would have spent building Lakewatch from scratch. Probably.
When asked whether Databricks planned to keep acquiring, a company spokesperson confirmed the answer was yes. The phrasing was careful: the company is always looking at what’s next and working to close gaps for customers. Read that as an open acquisition pipeline, not a one-time move. A company sitting on $5 billion with a new product category to defend will not stop at two small deals.
The Databricks Lakewatch security product enters a market where Databricks is the new entrant and every incumbent has years of customer relationships and compliance certifications. SIEM contracts at large enterprises run long and renewal cycles are slow. Databricks has the distribution advantage of selling into accounts where its data platform already runs. That is the wedge.
The Databricks Lakewatch security bet is that the customers already trusting Databricks with their data will trust it with their threat detection too. The incumbents will argue otherwise. Enterprise security buyers will take their time deciding who to believe, and in that window, the sales cycles will tell you everything the press release cannot.





