Serverless Security: A Holistic Approach to Managing Risk in the Cloud

Serverless computing revolutionizes app development but introduces unique security challenges due to its dynamic nature and reliance on third-party services. Drawing on insights from Google Cloud's security practices and real-world incidents, this talk explores the root causes of significant vulnerabilities exploited over the past decade. We'll delve into critical issues such as insecure coding practices, supply chain attacks, and misconfigurations, illustrating their potential consequences. Through data-driven insights, attendees will gain actionable recommendations for hardening serverless security. Serverless security is not solely about safeguarding individual applications; it has far-reaching implications for the entire cloud ecosystem. The interconnected nature of serverless architectures means that a vulnerability in one component can cascade, potentially compromising multiple services and users. Therefore, a holistic approach to serverless security is essential, encompassing not only secure coding practices within applications but also robust protection for the underlying infrastructure, data storage, and network communications.