Databricks Announces Lakewatch: New Open, Agentic SIEM

The storage/ownership side of this makes sense. The part I’m more sceptical of is the agentic layer once it starts influencing detections and response.

The post is not just talking about natural-language search. It is talking about AI helping ingest data into OCSF, author new detections, modify existing rules, and support agentic investigation/response. That is where drift, approval, auditability and rollback matter more than the demo.

The Antimatter acquisition is probably the most interesting part of the announcement. If defensive agents are going to sit close to your security telemetry and workflows then their authz/authn model is pretty centrally important.