Company
Date Published
Author
Farruco Sanjurjo
Word count
814
Language
English
Hacker News points
None

Summary

Contentful's Personal Access Tokens (PATs) let scripts and tools act on a user's behalf, which makes a PAT as sensitive as the user's password: anyone who finds one gets the same access the user has. Committing PATs to source code or reusing them as passwords is therefore a security risk, and the post recommends loading them from environment variables instead. To catch the tokens that leak anyway, the Contentful team built a tool that searches GitHub repositories belonging to the organization and its users for exposed PATs and revokes any it finds. The tool runs as an AWS Lambda function on a fixed schedule, so there is no server to provision or maintain, and the post presents it as a worked example of building a scheduled, event-driven workflow with the Serverless framework.
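The scan-then-revoke loop described above, as an added Python example; this is illustrative code, not the Contentful team's tool. It assumes a token shape (a `CFPAT-` prefix followed by a long URL-safe body, which is an assumption here, not something the post states), takes repository contents as an in-memory mapping so it runs offline on constructed sample data, and injects the GitHub-fetch and Contentful-revoke adapters as hypothetical callables so the detection logic can be tested without either API:

```python
"""Scan repository contents for leaked Contentful-style PATs and hand each
unique hit to a revocation callback. Added illustration, not Contentful's code."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# ASSUMPTION: PATs are taken to start with "CFPAT-" followed by at least 20
# URL-safe characters. The post does not give the format; adjust to match yours.
PAT_RE = re.compile(r"CFPAT-[A-Za-z0-9_-]{20,}")

# Files where a token-shaped string is normally a placeholder, not a secret.
SKIP_SUFFIXES = (".md", ".example", ".sample")

# Constructed sample input standing in for what the GitHub adapter would fetch.
SAMPLE_REPOS: Dict[str, Dict[str, str]] = {
    "acme/website": {
        "config.js": 'const token = "CFPAT-a1b2c3d4e5f6g7h8i9j0k1l2m3n4";\n',
        "README.md": "Set CONTENTFUL_PAT to CFPAT-0000000000000000000000 in your env.\n",
        "src/client.py": 'import os\nTOKEN = os.environ["CONTENTFUL_PAT"]  # no literal\n',
    },
    "acme/scripts": {
        "deploy.sh": "export CONTENTFUL_PAT=CFPAT-a1b2c3d4e5f6g7h8i9j0k1l2m3n4\n",
    },
}


@dataclass(frozen=True)
class Finding:
    repo: str
    path: str
    line_no: int
    token: str


def redact(token: str) -> str:
    """Keep enough of a token to identify it in logs without re-leaking it."""
    return token[:10] + "..." + token[-4:]


def scan_text(repo: str, path: str, text: str) -> List[Finding]:
    """Return every token-shaped match in one file, with its line number."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in PAT_RE.finditer(line):
            hits.append(Finding(repo, path, line_no, match.group(0)))
    return hits


def scan_repo(repo: str, files: Dict[str, str]) -> List[Finding]:
    """Scan all files of a repo, skipping documentation and example files."""
    hits: List[Finding] = []
    for path, text in files.items():
        if path.endswith(SKIP_SUFFIXES):
            continue
        hits.extend(scan_text(repo, path, text))
    return hits


def handle(repos: Dict[str, Dict[str, str]], revoke: Callable[[str], bool]) -> dict:
    """One scheduled run: scan every repo, revoke each distinct token once, and
    return a report that is safe to log (all tokens redacted)."""
    findings: List[Finding] = []
    for repo, files in repos.items():
        findings.extend(scan_repo(repo, files))
    revoked, failed = [], []
    for token in sorted({f.token for f in findings}):
        (revoked if revoke(token) else failed).append(redact(token))
    return {
        "findings": [
            {"repo": f.repo, "path": f.path, "line": f.line_no, "token": redact(f.token)}
            for f in findings
        ],
        "revoked": revoked,
        "failed": failed,
    }


def dry_run_revoke(token: str) -> bool:
    """Stand-in revoker: records the redacted token and reports success.
    ASSUMPTION: a real adapter would call Contentful's token-revocation API."""
    DRY_RUN_LOG.append(redact(token))
    return True


DRY_RUN_LOG: List[str] = []


def lambda_handler(event, context,
                   fetch_repos: Optional[Callable[[], Dict[str, Dict[str, str]]]] = None,
                   revoke: Optional[Callable[[str], bool]] = None) -> dict:
    """Entry point for the scheduled Lambda. The adapters are injected so the
    scan logic stays testable; with none supplied this is a dry run over the
    constructed sample data."""
    repos = fetch_repos() if fetch_repos else SAMPLE_REPOS
    return handle(repos, revoke or dry_run_revoke)


if __name__ == "__main__":
    print(lambda_handler({}, None))
```

Revoking by distinct token rather than per finding matters: the same PAT typically appears in several files and repos, and a revocation endpoint should be hit once per credential, with later findings of the same value treated as already handled. The redacted report is what you would emit to CloudWatch; logging the full token would just leak it a second time.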