Thirty-eight cybersecurity M&A deals closed in March 2026. That’s not a slow month — that’s the security market continuing a consolidation run that shows no signs of stopping. SecurityWeek’s monthly roundup had the count. But the number itself isn’t the story.

The story is who’s buying.

OpenAI acquired Promptfoo, an AI security testing platform. Databricks launched Lakewatch, an agentic SIEM, and backed it with two acquisitions: Antimatter, which focuses on authentication and authorization for AI agents, and SiftD.ai, founded by the creator of Splunk’s search processing language. Google finalized a major security acquisition it first announced last year.

None of these companies are security vendors. All of them just entered the security market in March.

What OpenAI Is Actually Buying

The Promptfoo deal looks like a defensive move if you squint at it from a distance. OpenAI acquiring a tool that tests AI systems for vulnerabilities — sure, you can file that under “enterprise credibility” and move on.

It’s more than that. Promptfoo’s platform helps enterprises identify and remediate vulnerabilities in AI systems during development. The company said its tools are used by a quarter of Fortune 500 companies, which means the customer relationships are real. OpenAI is folding Promptfoo into OpenAI Frontier — its platform for building and operating AI agents.

The enterprise channel implications: OpenAI is building the infrastructure to sell directly to enterprise security and IT buyers. Frontier is the platform; Promptfoo is the trust layer. If you’re a partner who resells or integrates OpenAI tooling, your clients are about to get pitched a security narrative on top of the AI platform narrative. That’s a different conversation than “use ChatGPT Enterprise.” It’s a security product now.

Databricks Is Coming for Splunk’s Former Customers

Lakewatch is a SIEM. Not a SIEM-adjacent analytics platform with some security features bolted on. A purpose-built SIEM, announced March 24, in private preview now. The pitch: ingest more data, retain it longer, analyze it with AI agents, do it at a fraction of the cost of legacy SIEM vendors.

The data problem Databricks is targeting is real. Their press release puts it directly: high ingestion costs force security teams to discard up to 75% of their data. That creates an asymmetry — attackers can operate at machine speed across the full attack surface, while defenders see only a fraction of their own environment and respond manually. Lakewatch closes that gap, or at least that’s the thesis.

The two acquisitions tell you how serious this is. Antimatter, founded by UC Berkeley security researchers, builds authentication and authorization infrastructure for AI agents — not humans, agents. That’s forward-looking architecture for an environment where your defenders and your attackers are increasingly both running as autonomous AI. SiftD.ai was founded by the people who built Splunk’s search stack. Databricks didn’t just enter the SIEM market. They hired the people who know exactly why Splunk’s architecture has limits, and they’re building the replacement.

Splunk was acquired by Cisco for $28 billion in 2024. If Databricks Lakewatch builds real adoption through 2026 and 2027, that acquisition looks different in retrospect.

What 38 Deals in One Month Tells You

Security M&A at this pace means one thing: the security market is too fragmented to survive the AI era as-is. The 45-tool enterprise security stack is not a destination. It’s a transitional state. Vendors who can consolidate detection, response, AI agent defense, and data infrastructure into a single architecture will win the enterprise contract. Vendors who can’t will get acquired or become irrelevant.

For channel partners, the March activity is a calibration signal. The security vendors you’re reselling today are either building toward consolidation or getting built around by someone who is. Databricks isn’t a channel vendor — not yet, probably not in 2026. But their entry into SIEM, backed by the talent who built modern enterprise search infrastructure, puts pressure on every incumbent you’re currently selling.

There are three questions worth asking about every security product in your stack right now:

Can this vendor defend its architecture against an AI-native competitor that removes the data cost ceiling? What happens to the deal economics when the SIEM contract comes up for renewal and the buyer has seen a Lakewatch demo? If OpenAI and Databricks both end up with enterprise security relationships, how does that change the conversation with your clients who are already deep into their AI deployment?

The Forward Look

The March M&A data doesn’t tell you who wins the AI security stack war. It tells you the war has started, and the combatants include companies that have more capital, more data, and more enterprise relationships than most established security vendors.

For the MSP and channel partner who’s been building a security practice around a familiar stack of vendors, the next 18 months are worth watching closely. Not because your current stack stops working — it doesn’t, not tomorrow. But because the consolidation pressure above you is real, and the vendors who emerge with durable channel programs will be the ones that figured out their AI architecture story early.

OpenAI bought Promptfoo. Databricks launched Lakewatch. Thirty-eight deals closed in one month. The AI giants aren’t coming for the security market. They’ve arrived.

Related: PE Bought the Cybersecurity Sector. Now They Can’t Sell It. | RSAC 2026 Made It Official: Your SOC Is About to Run on Agents