SesameOp: New OpenAI API Backdoor Creates Covert Command-and-Control Channel

Microsoft’s security researchers have unearthed a new form of backdoor malware, termed SesameOp, which ingeniously employs the OpenAI Assistants API to create a hidden command-and-control (C2) channel. The company’s Detection and Response Team (DART) uncovered the malware while probing a cyberattack that occurred in July 2025, revealing that it grants attackers persistent access to targeted environments.

This innovative malware allows threat actors to manage compromised devices remotely over an extended period by utilizing legitimate cloud services, circumventing the need for dedicated malicious infrastructure that often attracts attention during incident response efforts. “Instead of relying on traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel to stealthily communicate and orchestrate malicious activities within the compromised environment,” noted Microsoft’s Incident Response team in their recent report.

The SesameOp backdoor leverages the OpenAI Assistants API to fetch compressed and encrypted commands, which the malware then decrypts and executes on the infected systems. The attackers employ a combination of symmetric and asymmetric encryption to safeguard the information gathered during these attacks, which is subsequently relayed back through the same API channel.

The attack chain, as documented by DART researchers, employs a highly obfuscated loader alongside a .NET-based backdoor that is distributed using .NET AppDomainManager injection into various Microsoft Visual Studio utilities. To ensure its persistence, the malware establishes internal web shells and strategically positions malicious processes aimed at facilitating extended espionage operations.

Notably, Microsoft clarifies that the malware does not exploit any vulnerabilities or misconfigurations in OpenAI’s infrastructure; it rather misappropriates the capabilities inherent in the Assistants API, which is scheduled to be deprecated in August 2026. Collaborative investigations between Microsoft and OpenAI have led to the identification and deactivation of the account and API key employed during the attempted attacks.

“The stealthy nature of SesameOp aligns with the goal of establishing long-term persistence for espionage purposes,” Microsoft remarked. To limit the impact of SesameOp infections, the company advises security teams to audit firewall logs thoroughly, enable tamper protection, configure endpoint detection in block mode, and monitor for unauthorized connections to external services.
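As an added example that is not from Microsoft's report, the following Python script performs the kind of log review recommended above over a few constructed proxy log lines: it flags connections to the OpenAI API from processes that are not on an approved list and any use of Assistants API paths. The log format, the api.openai.com hostname, the path prefixes, the approved-process list and the process names in the sample are all assumptions.

```python
import re

# Assumption: api.openai.com is the public OpenAI API endpoint reached by clients.
OPENAI_HOSTS = {"api.openai.com"}
# Assumption: Assistants API traffic uses these path prefixes.
ASSISTANTS_PATHS = ("/v1/assistants", "/v1/threads")
# Constructed allowlist of processes this organisation permits to call the API.
APPROVED_PROCESSES = {"chatbot-service.exe"}

# Constructed proxy log format: timestamp host=... proc=... dst=... path=...
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"dst=(?P<dst>\S+) path=(?P<path>\S+)$"
)

# Constructed sample lines; "some-vs-utility.exe" is a placeholder process name.
SAMPLE_LOG = [
    "2025-07-14T09:00:01Z host=WS-17 proc=chatbot-service.exe dst=api.openai.com path=/v1/chat/completions",
    "2025-07-14T09:00:05Z host=WS-17 proc=chatbot-service.exe dst=api.openai.com path=/v1/chat/completions",
    "2025-07-14T09:01:10Z host=BUILD-03 proc=some-vs-utility.exe dst=api.openai.com path=/v1/threads/thread_ABC/messages",
    "2025-07-14T09:02:00Z host=BUILD-03 proc=devenv.exe dst=update.example.com path=/download",
    "2025-07-14T09:02:30Z host=WS-22 proc=chatbot-service.exe dst=api.openai.com path=/v1/assistants",
]


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_suspicious(lines):
    """Return (host, process, path, reasons) for OpenAI API calls worth triage."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["dst"] not in OPENAI_HOSTS:
            continue  # not traffic to the OpenAI API
        reasons = []
        if rec["proc"].lower() not in APPROVED_PROCESSES:
            reasons.append("unapproved process")
        if rec["path"].startswith(ASSISTANTS_PATHS):
            reasons.append("assistants api")
        if reasons:
            findings.append((rec["host"], rec["proc"], rec["path"], reasons))
    return findings


if __name__ == "__main__":
    for host, proc, path, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{host} {proc} {path}: {', '.join(reasons)}")
```

Hits from an approved process that only touch the Assistants API paths still surface, since the report notes the channel relies on that API rather than on any flaw in it.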

The discovery of SesameOp underscores lessons in cybersecurity, revealing how threat actors are continually adapting and innovating in their methods. The collaborative efforts from both Microsoft and OpenAI highlight a commitment to combating these evolving threats, ensuring that both organizations remain vigilant against future attempts to exploit legitimate technologies for malicious uses.
