Databricks unveils agentic Lakewatch SIEM to help security teams tackle growing AI cyber risks

The company says security teams can no longer rely on manual workflows

Databricks logo and branding pictured on a tablet screen against vibrant multi-colored background.
(Image credit: Getty Images)

AI has given hackers tools to wage more sophisticated attacks – and they're doing it faster than ever.

To help companies fight back, Databricks has unveiled a preview of its agentic SIEM (security information and event management) tool that's powered in part by Anthropic's Claude models.

The average time from spotting a flaw to developing an exploit has fallen from 23 days last year to 1.6 days this year, the company noted, citing data from ZeroDayClock.

That means manual testing is no longer fast enough and becomes a bottleneck. Research from CrowdStrike backs that up, showing AI-enabled attacks are up 89% from last year – and they're happening faster than ever.

"Security teams can no longer rely on manual workflows to outpace AI-driven attacks," said Ali Ghodsi, co-founder and CEO of Databricks.

"With Lakewatch, we are giving enterprises a new open data architecture and agentic capabilities to replace stagnating SIEM tools," Ghodsi added. "Defenders must have even better visibility and speed than today’s agent attackers."

AI is changing the game when it comes to security, and has led to a "fundamental shift" in data privacy and governance, according to a Cisco study. A separate Zscaler report revealed how attack surfaces are expanding at a rapid pace because of enterprise AI adoption.

Databricks has also announced the acquisition of Antimatter, a UC Berkeley spin-out which specializes in agent authentication, and SiftD.ai, created by Splunk lead architects for large-scale detection engineering.

Open for data formats

Designed with "open formats" and an "open ecosystem", Databricks said Lakewatch lets users avoid vendor lock-in while also pulling in a range of data types for analysis against attacks.

That includes video and audio, which the company said are key to spotting social engineering and insider threats. These capabilities come at a crucial time, Databricks noted, amid the rise of AI-powered attacks that use cloned voices of executives to fool victims.

The increase in data volumes is another problem facing security professionals. Large companies generate huge amounts of security data daily – which comes with a cost as traditional SIEMs create a "financial penalty" by tying storage to compute.

"Teams respond by limiting ingestion, filtering data through routing layers, deleting historical data, and ignoring multimodal sources like chat logs and video entirely," the company said in a blog post.

"This creates a dangerous asymmetry: attackers use AI agents to analyze everything and attack anywhere, while defenders see only a fraction of their own data."

Lakewatch addresses that by applying the idea of the "lakehouse", allowing data to be analyzed where it's stored.

"You can ingest and retain 100% of your security telemetry (including multimodal data), analyze it alongside all your business data, and deploy AI-powered agents for detection and response at a fraction of legacy costs," the company added.


Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.

Nicole is the author of a book about the history of technology, The Long History of the Future.