Databricks buys Panther Labs for $134bn to challenge Splunk and CrowdStrike with AI

Databricks, the $134bn data-and-AI company, just picked a fight in a market already dominated by Splunk and CrowdStrike. Its move is straightforward on paper: it said it will buy Panther Labs, a cybersecurity startup, as it pushes deeper into “AI-first” defenses. The pitch is blunt too, aiming at the AI age of cyberattacks with a “fight fire with fire” posture, essentially acknowledging that security tooling has to evolve as quickly as the threats.

This is also Databricks’ third security acquisition, which matters because it turns a one-off experiment into a pattern. If a company only buys one security startup, you can argue it was a test. Three acquisitions, however, reads like a strategy you can build budgets around. Databricks is not just dabbling in security adjacent to its data platform. It is actively trying to compete in the part of the stack where defenders and attackers meet, with outcomes measured in detection, response, and the ability to translate messy real-world behavior into actionable signals.

To understand why this is a big deal, zoom out to how these security markets work. Splunk and CrowdStrike are entrenched because they sit on or near the data paths security teams rely on. Typically, that means collecting telemetry, making it searchable and understandable, and then connecting it to threat intelligence and response workflows. Databricks’ core strength is different. It’s the platform where data gets processed and analyzed at scale, and where machine learning becomes practical. The strategic bet is that Databricks can bring that data-and-AI advantage into security operations, turning raw logs and events into faster, smarter detection and triage.

Now connect that to the headline’s “fight fire with fire” framing. In the AI-era threat landscape, attackers can iterate faster, generate more convincing content, automate reconnaissance, and adapt tactics quickly. Defenders, meanwhile, need systems that can keep up, not just by adding more rules, but by improving how they reason over data. If Databricks believes AI will be central to both attack and defense, acquiring a cybersecurity startup like Panther Labs is one way to compress the learning curve. It is a shortcut to security domain expertise, product capability, and team talent that would otherwise take years to assemble.

Databricks’ acquisition pace also has second-order implications for competitors. When incumbents like Splunk and CrowdStrike face a new challenger, the usual response is product iteration and marketing pressure. But acquisitions can change the math in a different way: they can reshape what the buyer integrates into its platform roadmap. If Databricks can connect its data-and-AI engine with security-specific capabilities, it may lure customers who want an all-in-one path from data ingestion to insight generation and action. Even if customers do not rip-and-replace today, the pressure can show up in procurement cycles later.

There is another angle: security budgets are scrutinized, and regulators care about how risk is managed. While the source does not detail regulatory actions tied to this specific deal, the broader reality is that security tooling is increasingly reviewed through the lens of resilience and accountability. Companies that operate with data at scale tend to be pulled into governance conversations sooner, especially as AI changes how systems are built and audited. For a data-and-AI platform provider like Databricks, entering security competition is not only a technical move. It also brings higher expectations around operational reliability, auditability, and how the tooling affects incident response.

For Databricks decision-makers, the board-level question is simple: does the Panther Labs acquisition strengthen a coherent platform story or create fragmented security features? The fact that this is the third security acquisition suggests Databricks is trying to avoid fragmentation by steadily building a security portfolio with a consistent direction. That direction is competition against the category leaders, specifically mentioned in the source as Splunk and CrowdStrike.

For peers in similar roles, the strategic takeaway is that security is no longer a side quest for platform companies. When a $134bn data-and-AI leader makes a third security acquisition and explicitly targets incumbents, it signals that the market may be shifting toward AI-native security capabilities, delivered through data platforms rather than only through stand-alone security suites.