What is the official website of Databricks ?

The official website of Databricks is https://databricks.com.

What is Databricks's cybersecurity risk score?

Databricks has an AI-generated cybersecurity risk score of 795 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Databricks experienced?

According to Rankiteo, Databricks currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Databricks been affected by any supply chain cyber incidents ?

According to Rankiteo, Databricks has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Databricks have SOC 2 Type 1 certification ?

According to Rankiteo, Databricks is not certified under SOC 2 Type 1.

Does Databricks have SOC 2 Type 2 certification ?

According to Rankiteo, Databricks does not hold a SOC 2 Type 2 certification.

Does Databricks comply with GDPR ?

According to Rankiteo, Databricks is not listed as GDPR compliant.

Does Databricks have PCI DSS certification ?

According to Rankiteo, Databricks does not currently maintain PCI DSS compliance.

Does Databricks comply with HIPAA ?

According to Rankiteo, Databricks is not compliant with HIPAA regulations.

Does Databricks have ISO 27001 certification ?

According to Rankiteo,Databricks is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Databricks operate in ?

Databricks operates primarily in the Software Development industry.

How many employees does Databricks have ?

Databricks employs approximately 14,231 people worldwide.

Does Databricks own any subsidiaries ?

Databricks presently has no subsidiaries across any sectors.

How many LinkedIn followers does Databricks have ?

Databricks's official LinkedIn profile has approximately 1,113,713 followers.

What is the NAICS classification code for Databricks ?

Databricks is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does Databricks have a Crunchbase profile ?

No, Databricks does not have a profile on Crunchbase.

Does Databricks have a LinkedIn profile ?

Yes, Databricks maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/databricks.

How many cybersecurity incidents has Databricks experienced ?

As of June 16, 2026, Rankiteo reports that Databricks has not experienced any cybersecurity incidents.

How many peer or competitor companies does Databricks have ?

Databricks has an estimated 30,086 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Databricks

Boost Score +25 with badge (5 left)

795

/1000

Fair

820

/1000

Good

Databricks Vendor Cyber Rating & Cyber Score

databricks.com

Add Your Compliance Badge

Databricks is the Data and AI company. More than 20,000 organizations worldwide — including adidas, AT&T, Bayer, Block, Mastercard, Rivian, Unilever, and over 60% of the Fortune 500 — rely on Databricks to build and scale data and AI apps, analytics and agents. Headquartered in San Francisco with 30+ offices around the globe, Databricks offers a unified Data Intelligence Platform that includes Agent Bricks, Lakeflow, Lakehouse, Lakebase and Unity Catalog. --- Databricks applicants Please apply through our official Careers page at databricks.com/company/careers. All official communication from Databricks will come from email addresses ending with @databricks.com or @goodtime.io (our meeting tool).

Databricks A.I CyberSecurity Scoring

Scoring History

Databricks

Databricks CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

No data available

Loading…

A.I.

Databricks Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Databricks

Incidents vs Software Development Industry Avg (This Year)

No incidents recorded for Databricks in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Databricks in 2026.

Incident Types Databricks vs Software Development Industry Avg (This Year)

No incidents recorded for Databricks in 2026.

Incident History - Databricks (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Databricks Subsidiaries

Parent Company

Databricks

Software Development

Website: https://databricks.com

Company Size: 5,001-10,000 employees

No subsidiary data available for this company.

Loading…

Databricks Similar Companies

Instagram

instagram.com

More than one billion people around the world use Instagram, and we’re proud to be bringing them closer to the people and things they love. Instagram inspires people to see the world differently, discover new interests, and express themselves. Since launching in 2010, our community has grown at a rapid pace. Our teams are growing fast, too, and we’re looking for talent across engineering, product management, design, research, analytics, technical program management, operations, and more. In addition to our headquarters in Menlo Park, we have thriving offices in New York City and San Francisco where teams are doing impactful work every day.

PhonePe

cb phonepe.com

PhonePe Group is India’s leading fintech company, proudly recognized as India’s #1 Trusted Digital Payments* Brand for three consecutive years. Our flagship product, the PhonePe app was launched in August 2016, has rapidly become the preferred consumer payments app in India. In just eight years, PhonePe has gained over 57 crore + registered users and established a digital payments acceptance network of over 4 crore+ merchants spread across Tier 2,3 cites and beyond, covering 99% of the postal codes in the country. Building on our leadership in digital payments, PhonePe Group has expanded into financial services—including insurance, lending, and wealth management—along with new consumer tech ventures such as Pincode, a hyperlocal ecommerce platform, Indus App Store - India’s first localized app store, and Share.Market- A wealth and investment platform (app & website), catering to investors and traders needs. Headquartered in India, PhonePe Group aligns its diverse portfolio of businesses with our vision We're committed to empowering every Indian by unlocking the flow of money and providing equal access to easy & secure payments and financial services.

PayPal

paypal.com

We're championing possibilities for all by making money fast, easy, and more enjoyable. Our hope is to unlock opportunities for people in their everyday lives and empower the millions of people and businesses around the world who trust, rely, and use PayPal every day. For support, visit the PayPal Help Center. https://payp.al/help For employment opportunities, check out our job openings in the 'Jobs' tab. We're an equal opportunity employer that welcomes diversity, and offer generous benefits to help you thrive at work and in your free time. NMLS#910457: https://nmlsconsumeraccess.org/

[24]7.ai

cb 247.ai

[24]7.ai™ customer engagement solutions use conversational artificial intelligence to understand customer intent, enabling companies to create personalized, predictive, and effortless customer experiences across all channels; attract and retain customers; boost agent productivity and satisfaction; and drive revenues while lowering costs. The world’s largest and most recognizable brands use [24]7.ai intent-driven technologies to serve several hundred million visitors through billions of conversations annually, most of which are automated. The result is an order of magnitude improvement in digital adoption, customer satisfaction, and revenue growth. For more information, visit: www.247.ai. [24]7.ai is based in Campbell, California. [24]7.ai is a registered trademark of 24/7 Customer, Inc.

Dassault Systèmes

3ds.com

Dassault Systèmes is a catalyst for human progress. Since 1981, the company has pioneered virtual worlds to improve real life for consumers, patients and citizens. With Dassault Systèmes’ 3DEXPERIENCE platform, 370,000 customers of all sizes, in all industries, can collaborate, imagine and create sustainable innovations that drive meaningful impact. For more information, visit: https://www.3ds.com

IDEMIA

cb idemia.com

IDEMIA Secure Transactions (IST) is a leading provider of payment, connectivity, and cybersecurity solutions, serving billions of people worldwide. With decades of expertise in cryptography and credential issuance, IST is trusted by over 2000 financial institutions, mobile operators, automotive manufacturers, and IoT providers worldwide. IST is a division of IDEMIA Group. IDEMIA Public Security, another division of IDEMIA Group, is the premium provider of convenient and trusted biometric-based solutions, transforming public and private organizations across the globe. Follow them here: https://www.linkedin.com/company/idemia-public-security/

Epic

epic.com

Join us in our mission to help the world get well, help the world stay well, and help future generations be healthier. We hire smart and motivated people from all academic majors to code, test, and implement healthcare software that hundreds of millions of patients and doctors rely on to improve care and ultimately save lives around the globe. No healthcare experience is necessary; we'll train you to be an expert in health IT and we'll provide you with personal development classes to grow as a professional. Our expectations for you are high, but in healthcare so are the stakes.

Zoho

zoho.com

Zoho offers beautifully smart software to help you grow your business. With over 100 million users worldwide, Zoho's 55+ products aid your sales and marketing, support and collaboration, finance, and recruitment needs—letting you focus only on your business. Zoho respects user privacy and does not have an ad-revenue model in any part of its business, including its free products. Zoho Corporation is privately held and profitable, with its headquarters in Chennai, India, and offices across the globe.

Loading…

NEWS

Databricks CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 30, 2026 10:58 AM

TeamPCP Supply Chain Attack Allegedly Compromised Databricks Platform

Databricks is currently investigating an alleged security compromise connected to the massive TeamPCP software supply chain attack after...

Read Article

March 27, 2026 06:14 AM

RVI Fund Eyes Best Week Ever — Retail Chases Databricks Pre-IPO Exposure

Databricks raised $4 billion at a $134 billion valuation in December and launched its LakeWatch cybersecurity platform this week.

Read Article

March 27, 2026 12:36 AM

Databricks pitches Lakewatch as a cheaper SIEM — but is it really?

The agentic SIEM shifts costs from ingestion to compute, promising cheaper retention and deeper analytics on enterprise security data.

Read Article

March 26, 2026 10:30 PM

Security hot issue: Tech firms crowd into cybersecurity market

More tech companies that are not primarily known for security are increasing their influence in the cybersecurity market.

Read Article

March 26, 2026 03:26 PM

Databricks unveils agentic security platform to fend-off AI threats

The data and AI provider's launch of Lakewatch comes amid rising concerns over cyberattacks fueled by agentic AI.

Read Article

March 25, 2026 08:29 PM

Don't bet on Databricks being done

Databricks is diving into the highly competitive cybersecurity market, an interesting move for a private company already valued at $134...

Read Article

March 25, 2026 05:42 PM

IPO Prospect Databricks Buys Two Startups to Power New AI Security Platform

Databricks, a leading data and AI company, has acquired two cybersecurity startups, Antimatter and SiftD.ai, to underpin the launch of its...

Read Article

March 25, 2026 03:54 PM

Databricks Enters Cybersecurity Market With Lakewatch SIEM Platform

Security. by Ali Azhar | March 25, 2026. Shares. Press play to listen to this content. 0:00. -:--. 1x. Playback Speed.

Read Article

March 25, 2026 03:51 PM

Databricks Lakewatch to unleash agentic swarms on malware detect-and-destroy missions

Databricks is becoming an active malware hunter with Lakewatch - swarms of agents hunting down malware in customer-owned lakehouses storing...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…

Badge your company to reduce your risk score and your cyber insurance costs!

Trusted by insurers. Chosen by leaders.

Databricks Vendor Cyber Rating & Cyber Score

Databricks A.I CyberSecurity Scoring

Databricks CyberSecurity News & History

Databricks Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Incident Predictions locked

A.I Risk Score Likelihood 3 - 6 - 9 months

A.I. Risk Score Predictions locked

Underwriter Stats for Databricks

Incidents vs Software Development Industry Avg (This Year)

Incidents vs All-Companies Average (This Year)

Incident Types Databricks vs Software Development Industry Avg (This Year)

Incident History - Databricks (X = Date, Y = Severity)

Databricks Subsidiaries

Parent Company

Databricks

Databricks Similar Companies

Instagram

PhonePe

PayPal

[24]7.ai

Dassault Systèmes

Meta

IDEMIA

Epic

Zoho

Databricks CyberSecurity News

TeamPCP Supply Chain Attack Allegedly Compromised Databricks Platform

RVI Fund Eyes Best Week Ever — Retail Chases Databricks Pre-IPO Exposure

Databricks pitches Lakewatch as a cheaper SIEM — but is it really?

Security hot issue: Tech firms crowd into cybersecurity market

Databricks unveils agentic security platform to fend-off AI threats

Don't bet on Databricks being done

IPO Prospect Databricks Buys Two Startups to Power New AI Security Platform

Databricks Enters Cybersecurity Market With Lakewatch SIEM Platform

Databricks Lakewatch to unleash agentic swarms on malware detect-and-destroy missions

Global CVEs (Not Company-Specific)

Access Data Using Our API

What Do We Measure ?

These are some of the factors we use to calculate the overall score:

Rankiteo

Databricks CyberSecurity News & History

Databricks Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Incident Predictions locked

A.I Risk Score Likelihood 3 - 6 - 9 months

A.I. Risk Score Predictions locked

Underwriter Stats for Databricks

Incidents vs Software Development Industry Avg (This Year)

Incidents vs All-Companies Average (This Year)

Incident Types Databricks vs Software Development Industry Avg (This Year)

Incident History - Databricks (X = Date, Y = Severity)

Databricks Subsidiaries

Parent Company

Databricks

Databricks Similar Companies

Instagram

PhonePe

PayPal

[24]7.ai

Dassault Systèmes

Meta

IDEMIA

Epic

Zoho

Databricks CyberSecurity News

TeamPCP Supply Chain Attack Allegedly Compromised Databricks Platform

RVI Fund Eyes Best Week Ever — Retail Chases Databricks Pre-IPO Exposure

Databricks pitches Lakewatch as a cheaper SIEM — but is it really?

Security hot issue: Tech firms crowd into cybersecurity market

Databricks unveils agentic security platform to fend-off AI threats

Don't bet on Databricks being done

IPO Prospect Databricks Buys Two Startups to Power New AI Security Platform

Databricks Enters Cybersecurity Market With Lakewatch SIEM Platform

Databricks Lakewatch to unleash agentic swarms on malware detect-and-destroy missions

Global CVEs (Not Company-Specific)

Access Data Using Our API

What Do We Measure ?