Databricks acquires Panther, signaling a shift to agentic security workflows
Databricks’ Panther buy pushes security toward agent-run triage, a shift monday.com teams will feel in logs, access controls and audit trails.

Security teams are being pushed toward a different kind of triage, where agents sort alerts before a human ever opens the console. Databricks’ agreement to acquire Panther sharpened that trend, tying its security lakehouse strategy to agentic detection and response and to a broader effort to replace legacy SIEM tools with more automated workflows.
Databricks announced the intent to buy Panther on June 16 during its Data + AI Summit, describing Panther as an AI SOC platform with 100-plus out-of-the-box data integrations, detection-as-code capabilities and agentic SOC workflows. The company also said Panther was founded by the leader of the open source StreamAlert project originally created at Airbnb. The deal builds on Databricks’ earlier security purchases of Antimatter and SiftD.ai and is still subject to customary closing conditions, including regulatory clearances.
For monday.com engineers and product leaders, the signal is less about consolidation than about where security work is heading. If the market is moving toward agent-assisted investigation, the first tasks likely to be automated are the most repetitive ones: pulling in logs, stitching together data sources, flagging suspicious behavior and drafting an initial response. The work that remains human is the work that still carries judgment, including escalation decisions, policy exceptions and deciding whether activity is truly malicious or simply unusual.
That matters inside monday.com because the company already treats auditability as a product issue, not a side function. Its Audit Log is available to admins on the Enterprise plan, and its Audit Log API lets account admins pull events to identify potential security issues, investigate suspicious behavior and protect against unwanted access. monday.com says it serves more than 250,000 customers worldwide, and its trust center lists ISO/IEC 27001:2022, ISO/IEC 27018:2019 and ISO/IEC 27017:2015 certifications. Those controls are not just compliance language. They are part of how a work-OS platform proves that automation can be governed.
The Databricks move also underscores how quickly security buying is being reframed. A separate report said Panther was Databricks’ third cybersecurity startup acquisition since the start of 2026, and that the company was positioning the deal as a challenge to Splunk and CrowdStrike. That kind of competition suggests that enterprise buyers are no longer satisfied with manual triage in a world of faster attacks and larger data volumes. For monday.com, the practical takeaway is clear: as security becomes more agentic, platform teams will be judged on traceability, permissions and the ability to show exactly what every automated action did.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.
Did this article answer your question?


