Towards Zero Trust in Cloud-Native FaaS: Evaluating Vulnerabilities and Adaptive Mitigations
Abstract
Cloud-native Function as a Service (FaaS) has rapidly emerged as a key paradigm in modern application architecture, enabling developers to deploy code without managing the underlying infrastructure. However, the distributed and ephemeral nature of FaaS introduces unique security challenges that traditional perimeter-based security models fail to address adequately. This paper presents a comprehensive analysis of vulnerabilities in cloud-native FaaS environments and proposes an adaptive zero trust framework specifically tailored for serverless computing. We evaluate these vulnerabilities through empirical testing across major cloud providers, identify critical attack vectors, and demonstrate the effectiveness of our proposed mitigations through a series of controlled experiments. Our findings show that applying fine-grained authentication and authorization at the function level, coupled with dynamic runtime monitoring and behavioral analysis, can significantly reduce the attack surface while maintaining performance. The study contributes to the growing body of knowledge on zero trust architectures by extending the model to encompass the specific requirements of serverless computing environments, with quantifiable improvements in security posture without significant performance degradation.