How to securely scale Genie, serverless, and AI across every cloud
by Jason Wu, Samrat Ray, Filippo Seracini, Alex Esibov, Vijay Raja, Kelly Albano, Robert Zhang and Mia Penfold Lopez
• Securely scale Genie, dashboards, and AI applications with Automatic Identity Management (AIM) for Entra ID now GA on AWS and GCP, AIM for Okta in Public Preview, and new Context-Based Ingress policies.
• Simplify secure connectivity for serverless, operational, and AI workloads with Private Network Gateway and expanded Private Link support for Lakebase and account-level services.
• Expand compliance coverage across AWS, Azure, and Google Cloud with new certifications, regional compliance programs, broader AWS GovCloud support for AI services, and upcoming FedRAMP High support on Azure Commercial.
As organizations scale data and AI, security and compliance teams face the challenge of enabling AI innovation without introducing new risk. From Genie and Lakebase to serverless analytics and AI-powered applications, enterprises need security models that can scale beyond manual provisioning, static network controls, and siloed compliance programs.
At Data + AI Summit 2026, we're introducing new security and compliance capabilities designed to make security simpler, more scalable, and more context-aware:
AI is making data accessible to more people than ever before. Business users can now interact with data using natural language, self-service analytics, and AI-powered applications. Organizations need a simpler way to onboard users, govern access, and securely scale these experiences across the enterprise.
**Today, we're excited to announce the General Availability of AIM for Microsoft Entra ID on** AWS and GCP, extending the seamless onboarding experience already available on Azure Databricks. As organizations expand access to Genie, dashboards, and AI applications, identity management can quickly become a bottleneck. Many teams still rely on manual provisioning, SCIM synchronization, or custom scripts to onboard users and keep permissions aligned. Automatic Identity Management (AIM) removes that friction by automatically provisioning and managing users, groups, and service principals using your identity provider as the source of truth.
AIM also provides a scalable foundation for governing both human and non-human identities, including the service principals that power AI applications and agents. We're also expanding support for additional identity providers, with AIM for Okta on AWS and GCP now available in Public Preview.
When organizations open data and AI tools to more users, security controls increasingly need to make context-dependent access-control decisions for specific Databricks experiences without exposing the entire platform.
**Now in Public Preview on AWS, Azure, and Google Cloud, Context-Based Ingress (CBI)** enables administrators to create flexible, zero-trust access policies based on network source, identity, and access scope. Organizations can safely expose Genie, dashboards, Databricks Apps, and AI Gateway endpoints to users on external networks while keeping the broader workspace protected.
**We're also expanding Inbound Private Link to support account-level resources,** including Genie and the account console, as part of context-based ingress. This will be available in Beta at the end of June 2026.
Customers increasingly rely on the simplicity of serverless infrastructure, but require a simple way to connect to their existing and well-architected networks.
We are excited to announce Private Network Gateway, a new networking capability that extends the simplicity of serverless to private data sources, APIs, and enterprise applications through a single, secure connection between Databricks and your private network. Instead of managing individual connections for every resource, organizations can use Private Network Gateway to securely connect serverless workloads to private networks at scale while maintaining their existing network architecture and security controls. Private Network Gateway is available in Private Preview on Azure Databricks. Reach out to your account team if you are interested in testing it out!
To keep your databases and other data sources private, we're expanding private connectivity support for inbound (frontend) Private Link to Lakebase, Zerobus, and more. This is Generally Available on AWS and in Public Preview on Azure. Customers can maintain network isolation while supporting high-throughput operational and AI workloads.
Databricks continues to expand compliance coverage across clouds, deployment models, and regulated industries, helping customers modernize with confidence.
Organizations can now leverage the simplicity and elasticity of serverless while maintaining the same compliance posture available on classic compute. You can find the full list of available certifications and regions here. Similar compliance coverage for AWS Serverless is planned later this summer.
Databricks is adding support for the Kingdom of Saudi Arabia’s National Cybersecurity Authority frameworks — CCC, DCC and ECC — on Google Cloud, helping customers in the Kingdom adopt the Data Platform while aligning with local cybersecurity and residency expectations. The offering release is planned for later this month.
Databricks is proud to announce HITRUST coverage across AWS, Azure, and Google Cloud. This gives healthcare organizations greater flexibility to modernize their environments while maintaining compliance with one of the industry's most widely adopted security and privacy frameworks.
Earlier this year, Databricks officially achieved certification under Japan's Information System Security Management and Assessment Program (ISMAP), validating its adherence to rigorous government security standards. This milestone establishes Databricks as a trusted cloud service provider for Japan's public sector and highly regulated industries. As a result, organizations can now securely leverage the platform to accelerate their critical data and AI workloads.
Databricks continues to expand support for highly regulated public sector workloads on AWS GovCloud. Recent additions include Databricks Apps, Model Serving, AI Search, Predictive Optimization, Genie, and Genie Code. You can see the full list in our release notes.
“By establishing a secure, FedRAMP High foundation with Databricks on AWS GovCloud and standardizing on Unity Catalog, we're creating an environment where data, analytics, and AI can scale responsibly across the FDA. That foundation is helping us modernize legacy experiences, accelerate innovation, and deliver greater impact in support of public health.” — U.S. Food and Drug Administration (FDA)
We're extending FedRAMP High support on Azure to help more public sector and regulated organizations adopt the Databricks Platform with stronger compliance coverage. FedRAMP High on Azure Commercial is expected later this summer.
Whether you're enabling business users with Genie, modernizing operational workloads with Lakebase, or scaling agents across the enterprise, Databricks provides the security and compliance foundation to help you innovate with confidence.
To learn more about these announcements and best practices for securing data and AI, explore the resources below: