Methods and systems for detecting and responding to fabricated or unauthorized events received by serverless computing environments are provided. In one embodiment the method is provided that includes receiving an event from an event source external to the serverless computing environment for execution by function. The method may then include creating a message that includes the events and signing the message with an identifier of the event source. The message may then be received at the function and the identifier of the event source may be validated. The event may then be executed with the function of the serverless computing environment if the identifier of the event sources successfully validated. However, if the identifier of the event source is not successfully validated, execution of the event with the function may be prevented.