Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications.

"Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised environment," the Detection and Response Team (DART) at Microsoft Incident Response said in a technical report published Monday.

"To do this, a component of the backdoor uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands, which the malware then runs."

The tech giant said it discovered the implant in July 2025 as part of a sophisticated security incident in which unkno

See Full Page