November 4, 2025 at 01:00AM

■■■□□ SesameOp: Novel backdoor uses OpenAI Assistants API for command and control.

Microsoft Incident Response – Detection and Response Team (DART) uncovered SesameOp, a new backdoor that uses the OpenAI Assistants API for C2. DART shared the findings with OpenAI, which identified and disabled an API key and associated account. msft.it/6012tGbpm

SesameOp uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands, which the malware then decrypts and executes locally. Once the tasks are completed, it sends the results back to OpenAI as a message. To stay under the radar, the backdoor uses compression and encryption.

Microsoft and OpenAI jointly investigated the threat actor’s use of the OpenAI Assistants API. This threat does not represent a vulnerability or misconfiguration, but a way to misuse built-in capabilities of the OpenAI Assistants API, which is being deprecated in August 2026. Microsoft and OpenAI continue to collaborate to better understand and disrupt how threat actors attempt to misuse emerging technologies.
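Because the channel described above is ordinary traffic to a legitimate API, defenders have to look at which hosts and processes are talking to it. The following hunting sketch is an added example, not code from Microsoft or OpenAI: it assumes a TLS-inspecting proxy that records host, process, method and URL, and the log lines, host names, process names and allowlist are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log (assumed format): time, host, process, method, URL
SAMPLE_LOG = """\
2025-11-03T10:00:01Z WS-014 chrome.exe GET https://api.openai.com/v1/models
2025-11-03T10:00:05Z SRV-022 svc_helper.exe GET https://api.openai.com/v1/assistants?limit=100
2025-11-03T10:00:35Z SRV-022 svc_helper.exe GET https://api.openai.com/v1/threads/thread_EXAMPLE/messages
2025-11-03T10:01:05Z SRV-022 svc_helper.exe POST https://api.openai.com/v1/threads/thread_EXAMPLE/messages
2025-11-03T10:02:00Z DEV-007 python.exe POST https://api.openai.com/v1/threads
2025-11-03T10:03:00Z WS-014 chrome.exe GET https://example.com/v1/threads
"""

# Assistants API resources: assistants, and threads with their messages
ASSISTANTS_PATH = re.compile(r"^/v1/(assistants|threads)(/|$)")

# Hypothetical allowlist of sanctioned (host, process) pairs
APPROVED = {("DEV-007", "python.exe")}


def find_unsanctioned_assistants_use(log_text, approved=APPROVED, min_hits=2):
    """Return {(host, process): [(time, method, path), ...]} for callers of the
    Assistants API that are not on the allowlist and were seen at least
    min_hits times."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, host, proc, method, url = parts
        u = urlsplit(url)
        if u.hostname != "api.openai.com" or not ASSISTANTS_PATH.match(u.path):
            continue
        key = (host, proc.lower())
        if key in approved:
            continue
        hits[key].append((ts, method, u.path))
    return {k: v for k, v in hits.items() if len(v) >= min_hits}


if __name__ == "__main__":
    for (host, proc), events in find_unsanctioned_assistants_use(SAMPLE_LOG).items():
        print(f"{host} {proc}: {len(events)} Assistants API calls")
        for ts, method, path in events:
            print(f"  {ts} {method} {path}")
```

A read of thread messages followed by a POST to the same thread from a server process with no business reason to call the API is the pattern worth triaging first.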

