diff --git a/services/compute/serverless-computing/threats.yaml b/services/compute/serverless-computing/threats.yaml
new file mode 100644
index 00000000..a6b26210
--- /dev/null
+++ b/services/compute/serverless-computing/threats.yaml
@@ -0,0 +1,18 @@
+common_threats:
+  - CCC.TH01  # Access control is misconfigured
+  - CCC.TH02  # Data is intercepted in transit
+  - CCC.TH03  # Deployment region network is untrusted
+  - CCC.TH04  # Data is replicated to untrusted or external locations
+  - CCC.TH05  # Data is corrupted during replication
+  - CCC.TH06  # Data is lost or corrupted
+  - CCC.TH07  # Logs are Tampered With or Deleted
+  - CCC.TH08  # Cost Management Data is Manipulated
+  - CCC.TH09  # Logs or Monitoring Data are Read by Unauthorized Users
+  - CCC.TH10  # Alerts are Intercepted
+  - CCC.TH11  # Event Notifications are Incorrectly Triggered
+  - CCC.TH12  # Resource constraints are exhausted
+  - CCC.TH13  # Resource Tags Are Manipulated
+  - CCC.TH14  # Older Resource Versions Are Exploited
+  - CCC.TH15  # Automated Enumeration and Reconnaissance by Non-Human Entities
+
+# No serverless-specific threats as of yet