Microsoft has identified a novel backdoor, dubbed “SesameOp,” that utilizes OpenAI’s Assistants API as a command-and-control (C2) channel. This sophisticated technique allows threat actors to stealthily orchestrate malicious activities within compromised environments, potentially evading traditional security measures.
The threat actor behind SesameOp employs the OpenAI Assistants API to fetch commands, which are then decoded and executed on the infected system. Results of these operations are sent back to OpenAI as messages, signaling task completion to the attacker. Microsoft’s Incident Response team discovered the backdoor in July 2025, finding evidence of several months of persistent compromise.
The intrusion campaign involves a loader component, Netapi64.dll, and a .NET-based backdoor, OpenAIAgent.Netapi64. These components are loaded by legitimate Microsoft Visual Studio utilities that have been hijacked through a technique known as AppDomainManager injection. This method is designed to enhance stealth and maintain persistence within the targeted network.
SesameOp’s primary function is to provide threat actors with covert, long-term access for espionage purposes. The backdoor supports commands for sleeping, executing payloads, and transmitting results. The dynamic link library is heavily obfuscated using Eazfuscator.NET to further conceal its malicious activities.
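One way a defender can hunt for the C2 pattern described above in proxy or EDR telemetry, as an added example that is not part of Microsoft's report: it flags processes outside an allowlist that call Assistants API endpoints on api.openai.com, and separates those from other OpenAI traffic. The pipe-delimited log format, the host and process names (devenv.exe and msbuild.exe stand in for the abused Visual Studio utilities), the allowlist and the /v1/assistants and /v1/threads path prefixes are assumptions; the sample records are constructed.

```python
"""Hunt for SesameOp-style C2 over the OpenAI Assistants API in proxy/EDR logs."""
import re
from urllib.parse import urlparse

# Assumed record format: "timestamp|host|process|method|url". Constructed sample,
# not real telemetry; hosts, process names and thread ids are made up.
SAMPLE_LOG = """\
2025-07-02T10:01:13Z|WS-042|chrome.exe|GET|https://api.openai.com/v1/models
2025-07-02T10:01:50Z|WS-042|devenv.exe|POST|https://api.openai.com/v1/threads/thread_abc/messages
2025-07-02T10:02:05Z|SRV-07|msbuild.exe|GET|https://api.openai.com/v1/threads/thread_abc/messages?limit=1
2025-07-02T10:02:40Z|SRV-07|outlook.exe|GET|https://outlook.office365.com/owa/
2025-07-02T10:03:01Z|WS-042|devenv.exe|POST|https://api.openai.com/v1/threads/thread_abc/runs
2025-07-02T10:03:30Z|WS-042|python.exe|POST|https://api.openai.com/v1/chat/completions
"""

# Assistants API surface (assumption: the /v1/assistants and /v1/threads resources).
ASSISTANTS_PATH = re.compile(r"^/v1/(assistants|threads)(/|$)")
# Processes the organisation expects to reach OpenAI (assumption: tune to your estate).
ALLOWED_PROCESSES = {"chrome.exe", "msedge.exe"}
OPENAI_HOST = "api.openai.com"


def parse(line):
    """Split one record into (timestamp, host, process, method, parsed_url)."""
    ts, host, proc, method, url = line.split("|", 4)
    return ts, host, proc.lower(), method, urlparse(url)


def hunt(log_text, allowed=ALLOWED_PROCESSES):
    """Count OpenAI requests per (host, process, reason) for non-allowlisted processes.

    reason is "assistants-api" when the path is an Assistants endpoint (the channel
    SesameOp abuses for tasking and results), else "openai-other".
    """
    tally = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, host, proc, _, url = parse(line)
        if url.hostname != OPENAI_HOST or proc in allowed:
            continue
        reason = "assistants-api" if ASSISTANTS_PATH.match(url.path) else "openai-other"
        key = (host, proc, reason)
        tally[key] = tally.get(key, 0) + 1
    return tally


if __name__ == "__main__":
    for (host, proc, reason), n in sorted(hunt(SAMPLE_LOG).items()):
        print(f"{host}\t{proc}\t{reason}\t{n} request(s)")
```

Build tools and IDE utilities polling thread messages at a steady cadence are the signal worth escalating; a single developer script hitting chat completions is usually benign but still worth an allowlist decision.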
While the specific threat actor remains unidentified, this discovery highlights a growing trend of adversaries exploiting legitimate tools and services, including AI platforms, to mask their operations. Microsoft has shared its findings with OpenAI, which has reportedly disabled the associated API key and account. OpenAI’s Assistants API is scheduled for deprecation in August 2026.
The use of AI APIs for C2 infrastructure represents an evolving tactic in cyber warfare, potentially complicating attribution and detection efforts. This development underscores the need for continuous vigilance against emerging threat vectors and the adaptive strategies employed by malicious actors.
For more details on this discovery, refer to this related article.