5 Common Security Pitfalls in Serverless Architectures

Serverless architecture removes much of the overhead costs tied to infrastructure, but it shifts security responsibilities toward code and permissions. Instead of managing servers, developers must focus on how functions interact and what they trust.

1. Over-Privileged IAM Roles

One of the most widespread issues in serverless security is the use of overly permissive identity and access management (IAM) roles, or the granting of functions more permissions than they actually need. The principle of least privilege (PoLP) is essential: each function should be allowed to access only the resources required to perform its task.