Databricks unveils Lakewatch, an open agent-driven security lakehouse
Context and Chronology
Databricks announced Lakewatch, a security-focused lakehouse that centralizes diverse telemetry — logs, traces, files, and rich media — into a governed data plane to speed detection and response. The offering is positioned to run agent-driven workflows inside the unified lakehouse so teams can retain multi-year telemetry at lower cost and apply automated, versioned detection-as-code across broad estates. Databricks is shipping Lakewatch into a Private Preview and framed the launch alongside a series of recent acquisitions and model partnerships as part of a broader agentification strategy.
Architecture and Capabilities
Lakewatch treats security as a data problem: telemetry is consolidated into a searchable lakehouse where automated agents triage, enrich, and investigate signals at scale. The platform emphasizes detection-as-code, rule versioning, and policy enforcement tied to a centralized catalog for lineage and governance. Integration points span existing telemetry pipelines, vendors, and orchestration tools so organizations can feed the lakehouse without wholesale replatforming. Databricks says Lakewatch pairs model integrations (including work with Anthropic), performant search, and agent authentication to support large-scale threat hunting and automated remediation.
Ecosystem, Acquisitions and Product Convergence
Lakewatch arrives as part of a wider Databricks push to embed agentic workflows across the platform. The company has been assembling complementary capabilities through multiple acquisitions — including specialist teams focused on agent authentication and large-scale search/detection (named in prior disclosures as Antimatter and SiftD.ai) and other buys in adjacent areas such as Neon and Quotient AI for database and continuous-evaluation capabilities. That acquisition strategy—combined with model partnerships and integrations across the partner ecosystem—aims to stitch together storage, runtime, search, and continuous evaluation so agents can operate with catalog-aware governance and audit trails.
Commercial and Strategic Posture
Databricks frames Lakewatch as both cost- and scale-oriented: it aims to materially reduce per-unit ingestion cost, enable longer data retention for forensic depth, and automate alert triage to cut analyst workload. The launch is consistent with the company’s broader product momentum — management has reported a roughly $5.4 billion revenue run-rate and has raised significant private financing and credit capacity to accelerate product integration. That depth of capital underwrites an aggressive push to couple agent-driven UX, governed data access, and low-latency model runtimes.
Risks, Governance and Safety Tensions
While Lakewatch promises automation and consolidation benefits, it inherits the industry tension between agentic productivity gains and enterprise demand for runtime observability and safety. Recent product launches across Databricks emphasize catalog-aware agents and continuous evaluation (e.g., Genie Code and Quotient AI integrations), signaling the vendor intends to pair usability with governance. Still, practical constraints remain—schema normalization across vendors, secure agent provenance, encrypted payload inspection, and auditability at scale—and organizations should budget for integration and governance lift to avoid creating new blind spots during onboarding.