AWS Potential Backdoor Lambda Function Through Resource-Based Policy

Panther Rules

Summary
This rule detects potential security risks associated with Amazon Web Services (AWS) Lambda functions by monitoring for permissions added through resource-based policies. It triggers when a permission is added to a Lambda function, which may mean that access rights have been expanded beyond what is necessary or intended. Such a change could let an attacker invoke or manipulate the function through unauthorized access, creating a backdoor entry point into the AWS environment. The rule uses AWS CloudTrail logs to track the Lambda 'AddPermission' API call. Any modification it flags should be verified as a legitimate and necessary part of an access-change procedure.
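The matching logic described above, written as an added example rather than Panther's own rule code. It assumes CloudTrail records the Lambda AddPermission API under the versioned event names AddPermission20150331 and AddPermission20150331v2, treats a record carrying errorCode as a call that did not change the policy, and runs over constructed sample records, not real logs.

```python
# Added example: match CloudTrail records for Lambda AddPermission calls.
# Assumption: CloudTrail emits these versioned event names for the API.
ADD_PERMISSION_EVENTS = {"AddPermission20150331", "AddPermission20150331v2"}


def is_lambda_add_permission(event: dict) -> bool:
    """Return True for a successful AddPermission call on a Lambda function."""
    if event.get("eventSource") != "lambda.amazonaws.com":
        return False
    if event.get("eventName") not in ADD_PERMISSION_EVENTS:
        return False
    # A rejected call (errorCode present) did not modify the resource policy.
    return "errorCode" not in event


def describe(event: dict) -> str:
    """Summarise who granted which action on which function to whom."""
    params = event.get("requestParameters") or {}
    actor = (event.get("userIdentity") or {}).get("arn", "<unknown>")
    return (f"{actor} granted {params.get('action', '?')} on "
            f"{params.get('functionName', '?')} to {params.get('principal', '?')}")


def matching_events(events: list) -> list:
    """Return a one-line description for every record the rule would alert on."""
    return [describe(e) for e in events if is_lambda_add_permission(e)]


# Constructed sample records (not real CloudTrail output).
SAMPLE_EVENTS = [
    {   # successful grant: the rule should fire on this one
        "eventSource": "lambda.amazonaws.com",
        "eventName": "AddPermission20150331v2",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
        "requestParameters": {"functionName": "billing-export",
                              "action": "lambda:InvokeFunction",
                              "principal": "*", "statementId": "public-invoke"},
    },
    {   # same call but denied: no policy change, so no alert
        "eventSource": "lambda.amazonaws.com",
        "eventName": "AddPermission20150331v2",
        "errorCode": "AccessDenied",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
        "requestParameters": {"functionName": "billing-export",
                              "action": "lambda:InvokeFunction", "principal": "*"},
    },
    {   # unrelated Lambda activity: ignored
        "eventSource": "lambda.amazonaws.com",
        "eventName": "Invoke",
    },
]

if __name__ == "__main__":
    for line in matching_events(SAMPLE_EVENTS):
        print("ALERT:", line)
```

Reviewing the alert text against the change-management record is the verification step the summary calls for; a principal of "*" or an unfamiliar account is the case that most deserves a second look.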
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Storage
  • Logon Session
ATT&CK Techniques
  • T1078
Created: 2025-01-30