Databricks Buys Antimatter and SiftD to Power New AI Security Product

The SiftD deal flew together over the last couple of weeks and closed Monday, capping a push by Databricks into enterprise cybersecurity that also relied on a quieter, earlier move: Databricks bought small security startup Antimatter in 2025, whose technology is now part of Lakewatch. Together, the two acquisitions underpin a new product the company launched today aimed squarely at displacing established players in the security market.

Databricks introduced a security information and event management service called Lakewatch, with the privately held company seeing an opportunity to challenge mature cybersecurity vendors using generative artificial intelligence and a pricing system that encourages clients to store lots of data. Lakewatch is now available in Private Preview.

The acquisition rationale for each startup is distinct. Antimatter was founded by UC Berkeley security researchers who laid the foundation for provably secure authentication and authorization for AI agents. Antimatter founder Andrew Krioukov raised $12 million led by New Enterprise Associates in 2022, and Krioukov, who has been at Databricks for months, is now leading the Lakewatch team. SiftD brought a different kind of credibility: SiftD was founded by the creator of Splunk's Search Processing Language and lead architects of Splunk's search stack, bringing deep expertise in large-scale detection engineering and modern threat analytics. Co-founder Reynold Xin said security practitioners value that Splunk heritage precisely because the team members "were instrumental in creating that" user interface and data search technology. Both were small startups, with only a few people in SiftD's case and fewer than 50 for Antimatter, according to LinkedIn. Terms were not disclosed for either deal.

On the product side, Anthropic Claude models help power Lakewatch, using Claude's advanced reasoning capabilities to correlate signals across security, IT, and business data to surface threats faster. Anthropic also uses Databricks for its own security lakehouse to gain complete visibility across its security and business data and detect threats earlier. The Genie AI agent sits at the center of day-to-day analyst work: integrated with Genie, Lakewatch automates triage, plans multi-step approaches, and helps enterprises reduce alert fatigue, leaving more time for analysts to focus on high-impact threats.

CEO and co-founder Ali Ghodsi framed the launch as a response to a structural shift in how attacks are executed. "Security teams can no longer rely on manual workflows to outpace AI-driven attacks," Ghodsi said. "With Lakewatch, we are giving enterprises a new open data architecture and agentic capabilities to replace stagnating SIEM tools. Defenders must have even better visibility and speed than today's agent attackers."

The pricing model is a deliberate departure from incumbents. Rather than charging based on the amount of data stored, Databricks will determine Lakewatch costs by how much work the software performs. "The prevailing pricing model is at odds with protecting against this avalanche that's coming our way, because it's just too prohibitively expensive to get all your data in there," Ghodsi said. The company says decoupling compute from storage allows customers to retain petabytes of data for years while reducing costs by up to 80%.

The product is currently in private preview and already counts large enterprises such as Adobe and Dropbox as users. If Lakewatch takes hold, it could help Databricks justify its $134 billion valuation to public investors ahead of a public offering; Ghodsi said in December that he would not rule out a 2026 IPO.

Asked whether Databricks planned to keep acquiring startups, a spokesperson said yes, confirming the company "continuously has its feelers out." "We're always looking to what's next, our goal is to stay ahead of the market and close gaps in what our customers need," the spokesperson said.