Failure Pattern
Serverless functions inherit identity from IAM roles or orchestrator metadata that attackers can exploit.
What We See in the Field
A compromised upstream system triggers serverless functions under a role it should not have. Downstream services accept the invocation because metadata is trusted.
Underlying Causes
Lack of workload-bound identity
Overprivileged serverless roles
Metadata-driven trust
Blind acceptance of upstream calls
Identity drift across cloud boundaries
Trust-Native Network Resolution
DTL ensures functions verify the trusted identity of the workload invoking them. Only sessions with valid TrustKeys can execute sensitive functions.
Broken Trust Assumption
This failure pattern has played out repeatedly in real security incidents—not because of missing tools, but because of how trust is assigned.
In breaches such as SolarWinds, Capital One, Okta, and MOVEit, attackers did not bypass security controls. They operated through them, using valid identities, trusted credentials, signed code, and encrypted sessions. Security systems accepted these signals as proof of legitimacy, allowing malicious behavior to proceed.
The common thread across these incidents is structural: identity was assumed based on trust signals, not proven at the moment of execution.