
Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel


Hackers have found a new use for OpenAI's Assistants API – not to write poems or code, but to secretly control malware.

Microsoft this week detailed a previously unseen backdoor dubbed "SesameOp," which abuses OpenAI's Assistants API as a command-and-control channel to relay instructions between infected systems and the attackers pulling the strings. First spotted in July during a months-long intrusion, the campaign hid in plain sight by blending its network chatter with legitimate AI traffic – an ingenious way to stay invisible to anyone assuming "api.openai.com" meant business as usual.

According to Microsoft's Incident Response team, the attack chain starts with a loader that uses a trick known as ".NET AppDomainManager injection" to plant the backdoor. The malware doesn't talk to ChatGPT or do anything remotely conversational; it simply hijacks OpenAI's infrastructure as a data courier. Commands come in, results go out, all via ...
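The two traits the report describes, a loader that redirects a .NET process's AppDomainManager and beaconing that hides inside api.openai.com traffic, are both things a responder can hunt for. The script below is an added example, not code from Microsoft's write-up or from The Register; the `<appDomainManagerAssembly>`/`<appDomainManagerType>` config elements and the `APPDOMAIN_MANAGER_ASM`/`APPDOMAIN_MANAGER_TYPE` environment variables are the documented .NET mechanism that AppDomainManager injection abuses, while the proxy-log format, the sample entries, the process allowlist and the file names are constructed assumptions for illustration.

```python
"""Hunting helpers for the SesameOp traits described above (constructed example).

1. .NET AppDomainManager injection: a legitimate .NET executable can be made to
   load an arbitrary assembly at startup through its <app>.exe.config
   (<runtime><appDomainManagerAssembly/><appDomainManagerType/>) or through
   the APPDOMAIN_MANAGER_ASM / APPDOMAIN_MANAGER_TYPE environment variables.
2. C2 over api.openai.com from a process that has no business talking to it.
"""
import re
import xml.etree.ElementTree as ET

# --- 1. AppDomainManager redirection ---------------------------------------

# Constructed config resembling what an AppDomainManager-injection loader drops
# next to a signed host binary. "Updater" is a hypothetical assembly name.
SUSPICIOUS_CONFIG = """<?xml version="1.0"?>
<configuration>
  <runtime>
    <appDomainManagerAssembly value="Updater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <appDomainManagerType value="Updater.Manager" />
  </runtime>
</configuration>"""

# Constructed config of an ordinary .NET application for comparison.
BENIGN_CONFIG = """<?xml version="1.0"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
  </startup>
</configuration>"""


def appdomain_manager_from_config(xml_text):
    """Return (assembly, type) if the config overrides the AppDomainManager, else None."""
    runtime = ET.fromstring(xml_text).find("runtime")
    if runtime is None:
        return None
    asm = runtime.find("appDomainManagerAssembly")
    typ = runtime.find("appDomainManagerType")
    if asm is None and typ is None:
        return None
    return (asm.get("value") if asm is not None else None,
            typ.get("value") if typ is not None else None)


def appdomain_manager_from_env(env):
    """Same check against a process environment block (a dict of name -> value).

    Loaders that use the environment route also commonly pin the CLR version
    with COMPLUS_Version, so that is reported alongside for context.
    """
    asm = env.get("APPDOMAIN_MANAGER_ASM")
    typ = env.get("APPDOMAIN_MANAGER_TYPE")
    if not asm and not typ:
        return None
    return (asm, typ, env.get("COMPLUS_Version"))


# --- 2. api.openai.com traffic from unexpected processes -------------------

# Constructed proxy-log format: one request per line, key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"dst=(?P<dst>\S+) path=(?P<path>\S+) bytes=(?P<bytes>\d+)$"
)

# Processes that legitimately reach the OpenAI API in this (hypothetical) estate.
EXPECTED_OPENAI_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "code.exe"}

# Constructed sample entries; the process and host names are made up.
SAMPLE_PROXY_LOG = [
    "2025-07-14T03:12:09Z host=WS042 proc=chrome.exe dst=api.openai.com path=/v1/chat/completions bytes=2210",
    "2025-07-14T03:12:41Z host=WS042 proc=OfficeUpdater.exe dst=api.openai.com path=/v1/threads/thr_abc/messages bytes=1834",
    "2025-07-14T03:13:02Z host=SRV07 proc=w3wp.exe dst=cdn.example.net path=/static/app.js bytes=51200",
    "2025-07-14T03:17:41Z host=WS042 proc=OfficeUpdater.exe dst=api.openai.com path=/v1/threads/thr_abc/runs bytes=1912",
]


def suspicious_openai_traffic(lines, expected=EXPECTED_OPENAI_CLIENTS):
    """Return (timestamp, host, process, path) for api.openai.com requests made by
    a process outside the allowlist. Lines that do not match the format are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["dst"].lower() != "api.openai.com":
            continue
        if m["proc"].lower() in expected:
            continue
        hits.append((m["ts"], m["host"], m["proc"], m["path"]))
    return hits


if __name__ == "__main__":
    print("config override:", appdomain_manager_from_config(SUSPICIOUS_CONFIG))
    print("env override:", appdomain_manager_from_env(
        {"APPDOMAIN_MANAGER_ASM": "Updater", "APPDOMAIN_MANAGER_TYPE": "Updater.Manager",
         "COMPLUS_Version": "v4.0.30319"}))
    for hit in suspicious_openai_traffic(SAMPLE_PROXY_LOG):
        print("unexpected OpenAI client:", hit)
```

The network check deliberately keys on the process rather than the destination: blocking api.openai.com outright is rarely an option, but a service host or an "updater" binary opening threads on the Assistants API is the anomaly the report describes, and the same allowlist approach applies to any other AI or SaaS endpoint an attacker might choose as a courier.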


Copyright of this story belongs to theregister.co.uk.