Architecting Agentic Security: Scaling Threat Detection with LLM and Lake house Architecture

When new threat intelligence lands, attackers are already moving. Adobe’s security team needed more than automation, so we built an agentic security platform that ingests data, orchestrates hunts, and surfaces detections with minimal human intervention. Using reasoning, agents analyze threats, validate attack paths, and execute fleet sweeps, reducing threat detection timelines from days to minutes. In this talk, we’ll walk through how we built this system on a lakehouse architecture. Databricks Workflows orchestrate parallel hunt campaigns across various security logs, autonomously triggering jobs and aggregating results. You’ll learn how we designed for agentic behavior, including multi-source ingestion into a single pipeline, workflow orchestration logic that decides when and what to hunt, and production patterns that keep the system reliable at scale. We’ll share architecture and code so you can adapt these agentic security patterns in your own environment.