Databricks said it has launched Lakewatch, an open agentic SIEM that supports agent-based attack response for organizations. Lakewatch is a service that integrates security, IT, and business data into a single governance environment to support AI-based threat detection and response. It is currently available in private preview.

Lakewatch is designed to collect, store, and analyze multimodal data at scale without vendor lock-in, based on open formats and an open ecosystem. This allows security teams to gain visibility across the organization and use defensive security agents to automate threat detection and response.

Databricks said AI-based threats are evolving in speed and complexity beyond what human-centered defense systems can handle. Attackers use agents to continuously probe for vulnerabilities and execute attacks at machine speed, while defenders are limited in their response by incomplete data, manual workflows, and high collection costs.

Lakewatch enables analysis of years of data without moving or replicating it, and uses multimodal data such as video and audio to identify social engineering attacks, insider threats, and anomalies. It also supports building custom security agents, automated threat classification, code-based detection, and compliance capabilities.

Databricks will deepen its collaboration with Anthropic to embed the Claude model in Lakewatch and is also pursuing acquisitions of Antimatter and SiftD.ai. Ali Ghodsi, CEO of Databricks, said, "We will deliver an open data architecture and agentic capabilities to replace legacy SIEMs."

※ This article has been translated by AI.