Databricks agrees to buy Panther Labs in security expansion

Databricks agreed to buy Panther Labs as the data analytics company pushes into cybersecurity and tries to win budget from security operations teams that use products from CrowdStrike, Splunk and other incumbents, Reuters reported.

The San Francisco company did not disclose terms. Panther reached a $1.4 billion valuation after investors put $120 million into the company in a 2021 Series B round, according to Reuters. Databricks Chief Executive Ali Ghodsi told Reuters that attackers now use AI to exploit software flaws in less time, which forces defenders to respond with agent-based tools.

The deal gives Databricks a security data product that fits its broader pitch: companies should keep more operational data in one lakehouse, then run analytics, governance and AI agents against that shared base. Security teams use Panther to bring logs, alerts and other signals into one place, then detect threats and route responses from that data.

Databricks has spent the past several years buying pieces that expand its data and AI platform beyond analytics. The company bought MosaicML in 2023 to strengthen model training, Tabular in 2024 to add data management talent and Neon in 2025 to add serverless Postgres for developers and agents. Panther adds a security operations layer, a market where customers spend large sums because breaches, compliance failures and alert overload create board-level risk.

Security also gives Databricks a direct way to argue that data architecture now shapes cyber defense. Large companies store security signals across cloud services, endpoint tools, identity systems, code repositories and internal apps. Analysts often lose time moving data between tools or querying systems with different schemas. Databricks can use Panther to argue that customers need one governed data layer before AI agents can investigate threats, write detections or trigger response steps.

The strategic target reaches beyond security information and event management, the category Splunk helped define. Splunk, now part of Cisco, built a large business by helping companies search machine data and security logs. CrowdStrike grew from endpoint protection into a broader security platform. Databricks wants to enter that budget conversation from the data side, where it already sells to chief data officers, engineers and AI teams.

Panther also gives Databricks a clearer story for AI agents in enterprise operations. Many agent demos still center on chat, document search or software coding. Security offers a sharper use case because analysts face repetitive triage work, time pressure and large streams of machine data. An agent that can read logs, compare signals, draft a detection rule and recommend containment steps has a business case that a security chief can measure.

The risks come from execution. Security buyers expect reliability, audit trails and integration with existing tools. Databricks will need to show that Panther can work inside complex security stacks without forcing customers to replace systems at once. The company also has to convince buyers that agentic response will reduce analyst workload without creating new failure modes.

The acquisition puts Databricks closer to the security operations center at a time when AI has changed both attack speed and defense expectations. If Databricks integrates Panther into its lakehouse platform with strong governance and usable workflows, the company can turn security data into another reason for customers to consolidate more workloads on its platform.