As cyber threats grow in sophistication and scale, Databricks is redefining how modern enterprises should think about security — both in the cloud and across artificial intelligence-powered systems.
Omar Khawaja, Chief Information Security Officer (CISO) at Databricks, believes the future of cybersecurity lies not in chasing individual incidents, but in managing patterns, risks and data at scale. “We’re a cloud-native, cloud-first organization,” Khawaja explained. “It’s not like we have our own data centers or servers sitting underneath the desk.”
That architectural choice — built entirely on hyperscalers like AWS, Azure, and Google Cloud Platform — eliminates many physical security concerns. But when it comes to data protection and cyber threats, the real challenge is the ever-evolving nature of both the product and the threat landscape.
“If you looked at Databricks 12 years ago, maybe there would be this many controls,” Omar Khawaja said, holding his fingers close together. “Every quarter, we’re adding more and more security controls.” The reasons are layered: from more advanced adversaries, to a more complex product stack, and growing customer expectations – especially from regulated sectors. “Today, we support 15,000 customers, including 60% of the Fortune 500,” he noted. “And they have very stringent security requirements.”
The birth of an agentic AI architecture
Khawaja described the progression from Spark, a distributed computing system designed for large-scale data processing, to the Lakehouse architecture and now to a full AI-native platform as more than just a technical evolution — it’s also a security mandate. “We added Unity Catalog, and more capabilities,” he said. “Alongside those functional capabilities, we also have to add capabilities to actually protect these technologies.”
One of the major turning points in Databricks’ security thinking came with the rise of AI agents. With the introduction of Agent Bricks and an agentic AI architecture, Databricks embraced modular, collaborative agents instead of single, monolithic models. This, according to Khawaja, enhances both functionality and control. “When agents work together to do something complex, we have much better explainability and interpretability,” he explains. “We can actually see what’s happening, stop things, and add guardrails.” The analogy he used was striking: “This starts to look like an organization pre-AI, which is an organization made up of agents that we just called humans.”
To address the security challenges of such AI ecosystems, Databricks built the AI Security Framework – a guidance system that shifts focus from a laundry list of controls to risk-driven prioritization. “ISO 27001 has a list of controls, NIST has a list of controls, HIPAA, PCI, GDPR, DORA… and we have customers that require us to meet all of these and more,” he said. “It’s probably closer to 700 or 800 controls.”
But instead of overwhelming customers, Databricks frames its approach like a doctor’s visit. “You don’t want a list of all the ways to be healthier,” he said. “You want the one or two things that are relevant to your symptoms. Same thing with AI. We start with a list of risks, 62 of them. Then, for each risk, we tell you exactly what the control is and how to implement it.”
The framework is more than theoretical — it’s operational. “We tell you exactly how to implement that control in Databricks, whether you’re running on AWS, Azure, or Google Cloud Platform,” Khawaja explained. The result is a 120-page playbook that he likens to “the bible” for AI risk mitigation.
From ransomware to AI-enhanced attacks
Khawaja also offered insight into the most common threats he sees today. The top risks? Attacks on confidentiality — particularly the theft of credentials and encryption keys. “The most valuable thing that you can steal are keys,” he said. “Because the keys give you access to more rooms that have more valuable items in them.”
Beyond data exfiltration, many customers — especially in healthcare — are concerned about ransomware. “That’s a disruption, not just a distraction,” Khawaja emphasized. “Your business can actually stop.”
Another trend is the abuse of computing resources. “Some attackers try crypto-jacking, where they use your computer resources to mine cryptocurrency, and you end up paying the bill.” But the next wave, he warns, may be even more insidious. “The attacks we fear are integrity attacks,” he said. “If someone goes into a system and makes a change and doesn’t tell you… now that’s hard to detect and potentially devastating.”
As for the impact of AI in the hands of cybercriminals, Khawaja agrees with experts predicting an explosion in threats. “AI tools are accessible to everyone, but the bad guys will use them more effectively,” he warned. “They don’t have to comply with GDPR or DORA. They don’t care about risks. They don’t need procurement reviews.” The result? “The variety and the velocity of attacks is going to be crazy,” Khawaja said.
For him, the solution is clear: cybersecurity must embrace data at scale. “It’s no longer, ‘I’m a security person, I’ll get a security tool.’ It’s: ‘I have a big data problem.’ I need the world’s best data capabilities, tools, and algorithms. That’s why many security companies are building on Databricks.”
Databricks’ cybersecurity efforts are not isolated. “We leverage many threat intelligence feeds and work with third parties,” Khawaja said. “We also participate in Information Sharing and Analysis Centers (ISACs), the sharing and analytics consortiums under the Department of Homeland Security. We share threat indicators, participate with other large tech companies, and stay ahead of what’s happening.”
For Databricks, the message is clear: the threats are growing, and the perimeter is long gone. But with the right architecture, frameworks, and data-driven strategy, AI-driven platforms like Databricks can be both powerful and secure.
