diff --git a/components/buildless-serverless/internal/controller/resources/deployment.go b/components/buildless-serverless/internal/controller/resources/deployment.go
index 239e29dbc..0ad314ba2 100644
--- a/components/buildless-serverless/internal/controller/resources/deployment.go
+++ b/components/buildless-serverless/internal/controller/resources/deployment.go
@@ -192,8 +192,10 @@ func (d *Deployment) podSpec() corev1.PodSpec {
 							"ALL",
 						},
 					},
-					ProcMount:              ptr.To(corev1.DefaultProcMount),
-					ReadOnlyRootFilesystem: ptr.To[bool](false),
+					ProcMount:                ptr.To(corev1.DefaultProcMount),
+					ReadOnlyRootFilesystem:   ptr.To[bool](false),
+					AllowPrivilegeEscalation: ptr.To[bool](false),
+					RunAsNonRoot:             ptr.To[bool](true),
 				},
 			},
 		},