Databricks is trying to carve out a bigger role in cybersecurity for itself with the launch of “Data Intelligence for Cybersecurity,” a platform aimed at unifying fragmented security data and powering AI agents against automated attacks.
The company says the tool integrates directly with existing security stacks, giving teams a single, governed foundation for spotting threats earlier and responding faster.
“With Data Intelligence for Cybersecurity, Databricks is making data and AI every organization’s strongest defense strategy,” said Omar Khawaja, VP of Security and Field CISO at Databricks. “Security teams can now gain a more accurate, governed, and flexible approach to building AI agents that proactively combat today’s modern and AI-based threats.”
Databricks’ pitch leans on its “Lakehouse” architecture, which it claims delivers real-time intelligence with richer context than traditional SIEM tools. Early adopters such as Arctic Wolf, Palo Alto Networks, and SAP are already reporting sharper detection rates, lower costs, and fewer bottlenecks in security operations, according to a Databricks announcement shared with CSO ahead of its publication on Tuesday.
Stitching Security Data into One Fabric
A recurring pain point for security teams, Databricks noted, is data sprawl with telemetry scattered across different tools and each vendor enforcing its own rules of engagement. The new platform is apparently designed as a counter to that, with “Agent Bricks” allowing organizations to build AI-powered apps and agents that analyze threats and take action under governance controls. The platform also introduces conversational dashboards and natural language queries, aimed at helping even non-technical leaders grasp real-time risks.
Arctic Wolf’s Dan Schiappa acknowledges the issue of sprawl. “Cybersecurity is increasingly a data challenge, shaped by the scale, speed, and diversity of telemetry across modern environments,” he said in the announcement. “The Aurora Platform processes over 8 trillion security events each week, and Databricks is part of the foundation that allows us to unify and analyze this data in real time.”
Other early adopters have reported measurable improvements, too. Palo Alto Networks reportedly tripled its AI-powered detection features and reduced operational costs, while SAP cut engineering time by 80% and boosted rule deployment fivefold.
Databricks also announced partner integrations with a bunch of known cybersecurity providers, including Abnormal AI, ActiveFence, Alpha Level, Arctic Wolf, BigID, DataBahn, Datanimbus, Deloitte, Entrada, Obsidian Security, Panther, PointGuard AI, Rearc, SPLX, Theom AI, Varonis, and ziggiz.
A Crowded Field of AI Security Platforms
Databricks’ latest move puts it in competition with established security players who’ve been leaning heavily on AI-driven analytics, including Splunk (now part of Cisco), Microsoft Sentinel, Google Chronicle, and startups like Securonix. Each offers some flavor of unifying data streams, layering AI detection, and reducing analyst fatigue.
For Databricks, the differentiator will be whether its Lakehouse roots can overcome the “rip-and-replace” perception common in cybersecurity. Analysts will be watching to see if Agent Bricks can give customers enough flexibility to deploy AI responsibly while avoiding the lock-in that plagues traditional SIEM.
Adanan Amjad, US cyber leader at Deloitte, argued that the ecosystem strategy could help Databricks stand out. “Our alliance with Databricks helps enable organizations to fully utilize AI-driven insights, helping them transform their security operations to meet the challenges of today’s digital landscape,” he said. Still, to excel, Databricks will need to prove that an open partner network and unified governance deliver more than just marketing lines.