Nine products and one acquisition announced across a single morning at Moscone Center. Each solves a different piece of the same problem: getting AI-powered applications from prototype to production without the governance gap killing them in transit.
Every Day Two announcement at Data + AI Summit traces back to a single structural problem: AI that works in a demo fails in production because governance, data access, and cost controls are not built into the architecture from the start. At this summit, Databricks announced nine products and one acquisition, all aimed at closing that gap. This post covers each one, what it does, and why it matters for your organization.
Ali Ghodsi opened Day Two at Databricks' Data + AI Summit the way he ended Day One: with a context argument. The models are not the problem. The gap between what enterprise organizations know and what their AI can actually access is the problem. He framed the Day Two agenda around four pillars: choice, control, cost, and context. Every product announced in the morning sessions is one of those pillars made operational.
This post covers each product announced, what it does, who it is for, and what question it answers for the CIO or CTO evaluating the platform. For the broader strategic read on how these products fit the Switzerland of Data thesis, see the Day Two keynote analysis. For the Day One context and Genie Ontology foundation, see The Models Are Smart Enough. Your Enterprise Isn't Talking to Them.
The Problem Every Product Is Solving
Justin DeBrabant, Director of Product Management at Databricks, opened the Apps session with a slide that named the real challenge more precisely than any product announcement: the prototype-to-production gap. A Sales Ops Manager at a real Databricks customer built an application to streamline a business review process. She pulled in Salesforce data, consumption history, forecasts, and model outputs. She used a vibe-coding tool to build the prototype. It worked. She was excited.
Then she took it to platform engineering. The questions that stopped the handoff were not technical. They were organizational: what are the sharing policies? What are the code dependencies? Who owns the external application programming interface connections? What does this cost at scale? Does she have access to the production data environment at all?
That conversation happens thousands of times across every large organization. DeBrabant said so directly. Platform engineers in the room nodded. The Day Two product slate is the systematic answer to each of those five blockers.
Databricks Apps: What Has Shipped and What Is New
Databricks Apps, launched a year ago, has reached meaningful scale. More than 5,000 customers are using the platform, 150,000 applications have been built, and that represents six-times growth year over year (Databricks; 2026). Hundreds of thousands of users are now interacting with those apps weekly, many of them employees who had no prior engagement with data and AI tools in their daily work.
The customer examples DeBrabant cited were not chosen for press release appeal. Collins Aerospace, a multinational aerospace company building avionics for global airlines, rebuilt its in-flight intelligence platform on Databricks Apps, pulling together system health, content engagement, and passenger satisfaction data across an entire global fleet to anticipate issues before they affect operations. Southwest Airlines moved from a set of scattered tools and judgment calls to a single machine learning-powered application that ranks every active flight in real time by disruption priority, integrating related systems, crew constraints, and passenger connection data into a single score. Joby Aviation, building electric air vehicles, unified demand, inventory, parts, and orders across every manufacturing program so planners can see shortages before they become delays.
Three different industries, three different operational problems, one platform. That breadth is the Apps argument.
A new governance construct that allows organizations to manage thousands of apps through shared policies rather than configuring each application individually. An App Space is a governed container: administrators define which data resources are available, what sharing policies apply, who can access the space, and how usage and costs are tracked. Developers building inside a space can only use what is authorized. They cannot accidentally expose data outside their permission boundary or connect an app to an external system that has not been pre-approved. For organizations anticipating hundreds or thousands of citizen developer apps, this is the scaling layer that makes that volume governable.
Always-on container infrastructure is the right architecture for mission-critical, high-traffic applications. It is the wrong and expensive architecture for an internal tool a team uses twice a month. Serverless Micro VMs address the long tail of lightweight apps by running on fractional central processing unit and memory allocations with dynamic scaling to zero when idle. Process-level isolation is provided through microVM technology, so lightweight does not mean ungoverned. For the citizen developer building a quarterly review tool, the economics shift from a persistent monthly compute cost to consumption-priced infrastructure that costs nothing when no one is using it.
The tool that closes the prototype-to-production gap directly. A developer or citizen developer imports a prototype from GitHub or pastes in screenshots and documents. Genie App Builder reads the App Space context, understands what data sources, compute endpoints, and sharing policies are available, and automatically wires the prototype to live data. It uses Genie Ontology to understand the semantic layer of the business, so the auto-wiring reflects actual data relationships rather than surface-level schema matching. In the live demo, a supply chain inventory app went from a static mockup to a live, data-connected, production-deployed application in minutes. If the prototype requests a data source or integration that is not authorized for that App Space, Genie App Builder surfaces the policy boundary and stops. Governance is enforced at build time, not discovered after deployment.
Machine Learning Gets Its Own Agent Infrastructure
The machine learning session, presented by Mike Del Balso (who described building production machine learning teams at Google, Uber, and Lyft before joining Databricks), started with a diagram that has circulated in machine learning circles for more than a decade: the Hidden Technical Debt in Machine Learning Systems paper from Google, showing that the actual machine learning code in a production system is a small red box surrounded by an enormous surface area of data pipelines, serving infrastructure, monitoring systems, and operational tooling.
The argument Del Balso made is worth taking seriously. Agents have transformed software engineering. They have not had the same effect on machine learning operations, for two reasons: most organizations lack the infrastructure to run the complete machine learning lifecycle in an automated loop, and agents lack the context they would need to make the same quality decisions a senior machine learning engineer would make.
A new compute type within the Databricks platform providing on-demand graphics processing unit access for deep learning model training and large language model fine-tuning, with no upfront commitment. Multi-node training is supported, meaning organizations can now build models at arbitrary scale within the same platform where their data already lives. Merck's drug discovery work, referenced by Ghodsi during Day One, runs on this infrastructure. Hundreds of companies have already migrated deep learning workloads to the platform since the soft launch.
An enhanced set of capabilities within Genie Code specifically trained on Databricks' accumulated machine learning production knowledge, which the company claims is the largest repository of real-world machine learning operations of any platform. Genie Code for Machine Learning is integrated with Genie Ontology, which means it can navigate an organization's existing notebooks, training scripts, MLflow experiments, Unity Catalog tables, and feature stores to build models that fit existing team patterns rather than generic best practices. The claimed result: Danfoss, a multinational engineering company, went from starting a project to a complete production machine learning system in 90 minutes. The category of projects that used to take weeks or quarters.
"Instead of getting problems given to you all the time, Genie Zero Ops gives you solutions. It monitors every model continuously, investigates issues, and resolves them autonomously, while still leaving your team in the loop to approve before anything deploys."
Mike Del Balso, Director of Product Management, Databricks, Data + AI Summit, June 17, 2026The announcement Del Balso called the biggest launch in machine learning in ten years. Where conventional monitoring systems detect an anomaly and alert a human, Genie Zero Ops detects, investigates root cause, proposes and tests a fix, and presents the solution for human approval before deploying. In the live demo, a ticket sales forecasting model for a sports venue failed at 5:30 on a Friday afternoon. Genie Zero Ops had already been investigating for 30 minutes by the time the user opened her email. It had identified that the model lacked a feature encoding tournament stage in a knockout competition format, discovered that the organization already had the relevant data in Unity Catalog, built the feature, retrained the model with hyperparameter tuning, registered the new version in MLflow, compared it against the old model using the team's existing evaluation criteria, and presented a deployment recommendation. The user approved. Total disruption time measured in minutes rather than the hours or days a manual incident response would have required. Machine learning teams report spending 60 to 80 percent of their time on maintenance rather than building. Genie Zero Ops is the answer to that ratio.
Customer Lake: A CDP Built for the Agentic Era
Tasso Argyros, General Manager of Customer Lake at Databricks, opened the customer data platform session with an observation that is reshaping marketing architecture faster than most marketing teams have registered: buying decisions are no longer made by humans alone. AI agents are increasingly doing product research, price discovery, and purchase execution on behalf of consumers. That changes the unit of personalization from a segment of millions to a segment of one, and it changes the speed requirement from campaigns that run over days to decisions that must happen in seconds.
The session GM described the traditional marketing campaign model, a waterfall from strategy through data engineering through audience creation through content through activation, as structurally incompatible with agentic commerce. Weeks of design work for a campaign that an AI buying agent will process in milliseconds is the wrong architecture. The answer he proposed is what he called an Infinity Campaign: an agent that processes the latest signals from every individual customer, determines the next best action, generates personalized content for that specific person, and updates continuously as customer behavior changes. No start date, no end date, no fixed audience definition.
An agentic customer data platform built natively on the Databricks lakehouse, eliminating the reverse extract-transform-load process that conventional customer data platforms require to move data out of the data warehouse and into a separate marketing system. Customer data never leaves the lakehouse. Two agent types anchor the product. Profile Agents automate the process of building customer 360 data by ingesting first-party data, resolving identities across sources (matching the same customer across email, phone, address, and behavioral identifiers), enriching profiles with third-party data from the Databricks Marketplace, and continuously improving data quality. Campaign Agents handle audience creation through natural language (a prompt in the demo generated an audience of 800,000 qualifying customers from a single sentence specification), manage Infinity Campaigns with per-customer reasoning visible to the marketer, and connect to approximately 20 activation destinations at launch including advertising platforms and marketing management systems. Marketers retain oversight: the campaign agent's decisions, including why it deferred sending to a specific customer at a given moment, are fully visible and adjustable. Customer Lake is in private preview. Organizations interested in early access should contact their Databricks account team.
Lakewatch: Security That Can Match the Speed of AI-Enabled Attacks
The Lakewatch session opened with a threat model that organizations need to internalize. Large language models can now find previously unknown software vulnerabilities in minutes. Anthropic publicly disclosed a case in which hackers used Claude to attack a government system: the agent searched for vulnerabilities, found one, broke in, escalated privileges to root access by exploiting a cron tab entry, searched for sensitive data, and exfiltrated 200 million personnel records and gigabytes of sensitive files. This is not a hypothetical. What previously required a nation-state level team working for months can now be executed by anyone with access to the right model.
The security operations center is structurally underpowered for this threat environment. A typical large organization dealt with 7,000 security alerts per week in 2020. That number has grown to more than 30,000 alerts per week today (Databricks/Lakewatch; 2026). Each alert can take 30 minutes to investigate properly. At 30,000 alerts per week, an organization would need more than 400 analysts working full time just to keep pace, and that number climbs as AI-enabled attacks scale further. The tools most security operations centers use were not designed for this volume or this type of threat.
The conventional security information and event management platform compounds the problem. Storage and compute are bundled, so security teams pay for every byte ingested. The economic result is predictable: teams throw away logs older than 30 days, run filtering tools that discard potentially valuable data, and cannot ingest entire categories of context that would help analysts make better decisions, including large language model interaction logs, code commits, Jira tickets, and Slack messages.
An open, agentic security information and event management platform built on the Databricks lakehouse. Storage and compute are decoupled: data lives in the organization's own cloud storage in open format, and charges apply to work performed rather than data volume stored. This removes the economic disincentive to retain data and enables security teams to bring in all data sources, including the unstructured and semi-structured sources that conventional platforms cannot handle. Agents operate at every stage of the security workflow. On the ingest path, agents automatically apply extract-transform-load normalization and correct ingestion pipelines when schemas change, preventing data gaps. On the detection path, agents help author and refine detection queries. On the investigation path, agents automatically investigate incidents, trace root cause, and present analysts with a full case summary and recommended action, rather than a raw alert requiring manual investigation from scratch. Databricks claims up to 80 percent lower total cost of ownership compared to incumbent platforms, a vendor-supplied figure that organizations should validate against their own data retention and ingestion volumes before treating as authoritative.
Panther Labs, whose chief executive Jack was announced as joining the keynote stage immediately following the Lakewatch session, is a cloud-native security operations platform that Databricks has agreed to acquire. Panther bolsters the Lakewatch engineering team and adds detection-as-code capabilities that complement Databricks' data platform approach to security operations. The acquisition is Databricks' third cybersecurity deal in just over a year, following Antimatter (authentication and authorization for AI agents) and SiftD.ai (founded by the creator of Splunk's search processing language). The pattern is consistent: Databricks is building a security operations capability that treats security data the same way it treats any other enterprise data, governed, queryable, and agent-accessible, rather than as a separate silo requiring separate tooling.
The Vita Foundation Case: What These Products Look Like at Human Scale
Before the machine learning session, a video from the Vita Foundation provided context that the product announcements themselves cannot. Vita is an non-governmental organization delivering clinical care in low- and middle-income countries. The foundation built a custom Genie agent that encodes the clinical expertise of its medical team, accumulated over months and years of field experience, into a queryable knowledge base. Questions that previously required research assistant hours (how many hospitals in a given region have cardiology capability) now return answers in seconds.
The clinical stakes make the governance requirements more visible, not less. When the AI draws on the wrong data or returns a confident-sounding guess, the consequence is not a bad dashboard. It is a clinical decision made with inaccurate information. That is exactly why the context architecture, Genie Ontology, identity resolution, governed data access, and agent tracing, is not a nice-to-have. It is the foundation that determines whether these tools can be trusted at all.
What the Day Two Roster Tells You About Platform Direction
A week of announcements at a single conference is not a product strategy. It is a snapshot. But the pattern across Day Two products is coherent enough to be useful for planning.
Databricks is betting that the enterprise AI deployment failure mode is not model quality. It is the gap between where an organization's data lives, who controls access to it, what it costs to run agents against it at scale, and how fast the security perimeter can be breached once agents have write access to production systems. Every product announced addresses one or more of those four problems.
App Spaces and Genie App Builder address governance at the application layer. Serverless Micro VMs address cost at the infrastructure layer. Genie Code for Machine Learning and AI Compute address the build side of the machine learning lifecycle. Genie Zero Ops addresses the operational side. Customer Lake addresses the marketing and customer data activation layer. Lakewatch and Panther address the security operations layer.
The Unity Catalog governance layer connects all of them. That is the architectural bet: one governance layer, one data residency model, one cost control plane, applied consistently across applications, machine learning, customer data, and security operations. Whether that bet holds as the platform expands into more application categories, and whether the governance layer becomes a lock-in mechanism before organizations notice, is the question that belongs in every procurement conversation with Databricks right now.
The prototype-to-production gap is not a technology problem. It is a governance architecture problem. Databricks answered it with App Spaces, Genie App Builder, Serverless Micro VMs, and a Unity Catalog layer that enforces permissions at build time rather than discovering policy violations after deployment. The question for every CIO is whether that governance layer can actually scale to thousands of citizen developer apps without becoming the new bottleneck it was designed to replace.
Databricks is offering a single governance layer across applications, machine learning, customer data, and security operations. Before committing to that architecture, ask two questions the Day Two keynotes did not answer. First: if your App Spaces, Genie Ontology index, and security data all live in Databricks' platform, what does exit look like and at what cost? Second: Genie Zero Ops will have write access to production machine learning models. What is the human approval process, and what happens if an agent-generated fix is wrong at 3am on a Saturday? Both questions have answers, but they need to be in your contract before pilots become production commitments.
- The Models Are Smart Enough. Your Enterprise Isn't Talking to Them.: Day One keynote: Genie Ontology, Raider engine, format portability, PepsiCo and Mastercard cases (June 16, 2026)
- Databricks Crossed Five Analyst Categories in One Day. Your Vendor Map Is Now Wrong.: Day One strategic read: turf blur, category convergence, what it means for procurement (June 16, 2026)
- Databricks Just Open-Sourced the Layer That Sits Above Your Coding Agents: Omnigent meta-harness: what it does, why open source, governance implications (June 14, 2026)
- Databricks Lakewatch: When Your Data Platform Becomes Your Security Platform: RSA 2026 announcement deep-dive (March 2026)
- Databricks at $5.4B: The Architecture of AI Autonomy: Genie strategy, integration debt risk, acquisition pattern analysis (February 2026)
