Why Serverless Risk Demands Identity-Aware Security at Cloud Scale 

**Executive Summary:** This report outlines the primary security risks in serverless environments—identity and permissions misuse, short-lived credential exposure, SSRF, RCE, shared dependencies, and insecure configurations—illustrating how small misconfigurations can cascade into full cloud account compromise; it provides example attack paths and prescriptive mitigations (least privilege, secrets management, logging/tracing, and CSPM controls such as Qualys TotalCloud) to reduce blast radius and detect exploitation.