Detecting Serverless Function Injection When to Use - Auditing Lambda/Cloud Functions for code injection vulnerabilities where unsanitized event data flows into dangerous runtime functions ( , , , ) - Investigating incidents where an attacker modified function code or layers to establish persistence or exfiltrate data from the serverless environment - Detecting privilege escalation paths where an adversary with and can assume higher-privilege execution roles - Analyzing event source poisoning attacks where malicious payloads are injected through S3 object uploads, SQS messages, DynamoDB strea…