At the Databricks Data + AI Summit 2026, one message came through clearly: Enterprise AI is moving beyond agent demos and into agent operations. Databricks is no longer positioning its Lakehouse platform only as the place to store, query, and govern data but as the place where agents do the work of the business—under governance.

Key announcements at the summit pointed to five reinforcing shifts: 

• Context as production infrastructure. Genie Ontology and an expanded Unity Catalog give agents a machine-readable model of what the business’s data means.
• A control plane, not just AI features. Genie One, Omnigent, and Unity Catalog coordinate agent behavior at runtime, not just data access.
• Live truth as AI infrastructure. LTAP, Lakehouse//RT, and Lakeflow cut copies so agents act on fresh, governed data.
• Security on both sides. Unity AI Gateway guards agent interactions while Lakewatch and Panther run security operations as an agentic workload.
• Applications moving to the data layer. CustomerLake and OpenSharing embed line-of-business software directly in the governed Lakehouse.

Context architecture moves from metadata project to production stack

Genie Ontology is the live context layer that encodes how the business defines its own metrics and terms—not just the data, documents, applications, and people it connects. Unity Catalog is expanding in parallel, with capabilities across Unity AI Gateway, Glossary, Domains, Metrics, Lineage, Governance Hub, cross-cloud addressability, and global governance.

The most important enterprise AI asset may not be the model or even the raw data. It is the layer that tells agents what the data means, which sources to trust, how the business defines its metrics, which policies apply, and what actions are appropriate, because agents will rely on it to make decisions, write code, recommend actions, and trigger workflows.

When this layer is working correctly, the payoff compounds. Agents receive precise data with less noise and lower hallucination risk, reasoning over curated context rather than disconnected data sets and dramatically reducing token costs. Because the context lives in a shared, machine-readable layer, a metric defined once is inherited by every agent, so behavior stays consistent and auditable instead of being reimplemented for each use case. And because that layer is decoupled from any single model, teams can swap or combine frontier models without reteaching them the business, turning context into a durable asset.

This is essentially the bet Palantir has made for years with its Foundry Ontology, which binds data, business logic, and actions into a single semantic model so that applications—and, increasingly, AI agents—operate against a governed representation of the enterprise rather than raw tables.

Databricks is building a control plane, not just adding more AI features

For years, the data platform was where organizations consolidated information so humans could analyze it. Dashboards, notebooks, SQL warehouses, ML workspaces, and governance catalogs were built around a human operating model: ask, query, inspect, decide, act.

Agents do not simply consume data. They interpret context, call tools, create code, modify workflows, trigger apps, and optimize systems, requiring a platform that coordinates not only data access but agent behavior.

Genie One is the clearest expression of this shift: an agentic coworker for every team, built on Genie Ontology and connecting enterprise data, documents, applications, and people. Genie Agents, App Builder, Code, and ZeroOps extend it into reusable agents and into engineering, analytics, ML, and operations, all governed through Unity Catalog.

Omnigent adds an orchestration layer above coding agents and harnesses—an open-source, Apache 2.0 meta-harness to compose agents, share sessions, enforce policy, and manage cost and security across multi-agent workflows. More broadly, it reflects an industry shift toward switching flexibly across frontier models while preserving shared context.

Governance becomes a runtime guardrail rather than after-the-fact cleanup, so every tool call, code change, and token spent runs under policy and audit by default; autonomy scales without losing control. Coordination close to the data lets one workflow combine multiple agents and models rather than locking each task to a single stack, turning agent sprawl into a governed, observable fleet.

This is where Databricks’s bet diverges from others. Orchestration frameworks like LangChain and LangGraph give developers flexible, model-agnostic tooling for multi-agent workflows, but they sit above the stack, leaving governance, lineage, and cost control to whatever platform hosts them. Enterprise assistants come from the other end, connecting company apps and content into a strong context layer with their own agent builder, but they ride on top of existing data systems rather than owning the data foundation. Databricks argues that this plane belongs where governed data already lives—folding orchestration, agent building, context, and runtime governance into one place.

Live truth becomes AI infrastructure

Databricks has also moved live, real-time data to the center of the AI stack, as highlighted in three announcements. LTAP (Lake Transactional/Analytical Processing) combines Lakebase, a serverless Postgres-compatible operational database, with the Lakehouse to unify transactional, analytical, streaming, and operational data under one governed foundation. Lakehouse//RT, powered by the Reyden compute engine, delivers millisecond latency analytics directly on governed Delta Lake and Apache Iceberg data without copying it into a separate serving system. And Lakeflow unifies ingestion, transformation, and orchestration under Unity Catalog.

Agents change what an enterprise can tolerate. A dashboard could run a few hours stale as long as humans understood the latency. An autonomous system has no such margin: Acting on stale, duplicated, or inconsistently governed data, it can make the wrong recommendation, trigger the wrong workflow, or miss a security threat. The architectural goal is clear—reduce the places data must be copied, re-permissioned, remodeled, and reconciled before agents can act.

Fewer copies mean fewer chances for an agent to act on the wrong version of the truth, and freshness, policy, and lineage travel with the data instead of being reconciled after the fact. Agents reasoning over live state move from reporting what happened to acting on what is happening. Not every copy disappears—some remain necessary for performance, sovereignty, or resilience—but every copy now needs a reason, a freshness contract, a policy model, and a reconciliation strategy. The advantage goes to whoever can put agents closest to live, governed truth.

Security becomes both the guardrail for agents and a Databricks workload

The security story at the summit ran broader than any single announcement. Databricks is making a two-part security bet: secure the agents and run security operations as an agentic workload on the Lakehouse.

The first side is AI runtime security. Unity AI Gateway gives organizations a way to centrally govern models, agents, MCP (Model Context Protocol) services, skills, tools, cost, monitoring, and policies. Databricks highlighted spend visibility, granular attribution, hard spend caps, intelligent model routing, tracing, guardrails, and investigation workflows.

This is not traditional data security. The object being governed is no longer only a table, file, dashboard, or model endpoint but an agent interaction: a prompt, a response, a tool call, an MCP invocation, a code-generation session, or an autonomous action.

The second side is security operations. Lakewatch is Databricks’s agentic SIEM (security information and event management) solution. Built on the security Lakehouse, it unifies security, IT, and business data in a governed environment, using AI agents for detection, investigation, triage, and response. The planned acquisition of Panther strengthens that move with more than 100 security integrations, detection-as-code, and AI SOC (security operations center) workflows.

The two bets reinforce each other: AI security and security AI converge into one fabric. The same platform that governs the agents a company builds also helps defend against the agents attacking it. Policies are defined once and reused across both; agent spend is bounded by routing and hard caps; and security, IT, and AI telemetry are investigated together instead of in silos. That is why Unity AI Gateway, Unity Catalog, Lakewatch, Panther, identity controls, partner integrations, and trace observability should be read as one security architecture rather than separate product updates.

Enterprise applications start moving to the data layer

Announcements regarding CustomerLake, Lakewatch, Apps on Databricks Marketplace, and OpenSharing may be the most telling about where the company wants to go next. They suggest an inversion of enterprise software architecture.

CustomerLake is the clearest line-of-business application example—an agentic customer data platform embedded directly in the Lakehouse, combining customer data, AI models, agents, identity resolution, audience creation, activation, and personalization. It also introduces infinity campaigns, where agent loops continuously react to customer context in real time.

Lakewatch does something similar in security. Instead of sending security telemetry into a separate SIEM silo, Databricks wants security operations to run on the governed security Lakehouse, where security, IT, business, and AI telemetry can be joined and investigated at scale.

That is a provocative shift for technical buyers. It could reduce data movement and simplify governance but also change procurement, security review, vendor architecture, and operating models. The more applications run inside the governed data environment, the more the data platform becomes an application platform by default.

Final thoughts

The Databricks Data + AI Summit 2026 was not just a product launch cycle. It was an argument about where the enterprise AI stack is headed.

Across the summit, Databricks made the case for a stack built on four inseparable layers: a live data layer (LTAP, Lakebase, Lakehouse//RT, Lakeflow); a context layer that gives agents a machine-readable understanding of the business (Genie Ontology and Unity Catalog); an agent execution layer that lets every team build and run agents (Genie One, Agent Bricks, Omnigent); and a runtime governance and security layer that controls what agents can see, do, spend, and change (Unity AI Gateway, Lakewatch, Panther). These layers only work together because each depends on the one below it: Agents are only as useful as their context, context is only as trustworthy as its governance, governance is only effective at runtime, and runtime control is only meaningful when agents act on live data.

This is why “data platform” increasingly undersells the ambition; the better description is “agentic enterprise control plane.”