Linux containers present a lightweight solution to package applications into images and instantiate them in isolated environments. Such images may include vulnerabilities that can be exploited at runtime. A vulnerability scanning service can detect these vulnerabilities by periodically scanning the containers and their images for potential threats. When a threat is detected, an event may be generated to (1) quarantine or terminate the compromised container(s) and optionally (2) remedy the vulnerability by rebuilding a secure image. We believe that such event-driven process is a great fit to be implemented in a serverless architecture. In this paper we explore the design of an automated threat mitigation architecture based on OpenWhisk and Kubernetes.