Exploiting OpenAI Assistants: How SesameOp Malware is Leveraging API in Cyber Attacks
New Backdoor Malware SesameOp Discovered by Microsoft Security Researchers
Microsoft security researchers recently uncovered a new backdoor malware known as SesameOp that uses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery was made during the investigation of a cyberattack in July 2025, in which the malware gave the attackers persistent access to the compromised environment.
The malware, SesameOp, allowed threat actors to remotely manage backdoored devices for several months by leveraging legitimate cloud services instead of relying on dedicated malicious infrastructure that could potentially be detected and taken down during incident response.
The Microsoft Incident Response team noted that the threat actor behind the SesameOp backdoor chose a stealthier approach by abusing the OpenAI Assistants API to communicate with and orchestrate malicious activity inside the compromised environment. The API served as a storage and relay mechanism: the backdoor fetched commands from it and executed them locally, so no attacker-owned C2 server was needed.
SesameOp employs the OpenAI Assistants API to fetch compressed and encrypted commands that are decrypted and executed on infected systems. The harvested information is encrypted using a combination of symmetric and asymmetric encryption and transmitted back through the same API channel.
The attack chain observed by Microsoft DART (Detection and Response Team) involved a heavily obfuscated loader and a .NET-based backdoor, deployed through .NET AppDomainManager injection into multiple Microsoft Visual Studio utilities. The malware maintained persistence through internal web shells and strategically placed malicious processes, supporting long-term espionage operations.
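AppDomainManager injection works by pointing a legitimate .NET host at an attacker-supplied assembly: the CLR will load whatever `appDomainManagerAssembly` and `appDomainManagerType` name in the host's `.exe.config` (under `<runtime>`), or whatever the `APPDOMAIN_MANAGER_ASM` / `APPDOMAIN_MANAGER_TYPE` environment variables name, when it creates the default AppDomain. The following hunting script is an added example, not code from the Microsoft report or from the malware; the sample configs and the `ExampleLoader` assembly and type names in it are constructed for illustration and are not indicators from the incident. It reports config files and process environments that declare an AppDomainManager, which a Visual Studio utility normally would not.

```python
"""Hunt for .NET AppDomainManager injection indicators (added example)."""
import os
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

# The CLR honours these settings when it creates the default AppDomain: either
# <appDomainManagerAssembly>/<appDomainManagerType> under <runtime> in the host's
# .exe.config, or the equivalent process environment variables.
CONFIG_ELEMENTS = ("appDomainManagerAssembly", "appDomainManagerType")
ENV_VARS = ("APPDOMAIN_MANAGER_ASM", "APPDOMAIN_MANAGER_TYPE")

# Constructed sample configs. The assembly and type names in SUSPECT_CONFIG are
# made up for this example and are not indicators from the SesameOp report.
BENIGN_CONFIG = """<?xml version="1.0"?>
<configuration>
  <startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/></startup>
</configuration>"""

SUSPECT_CONFIG = """<?xml version="1.0"?>
<configuration>
  <runtime>
    <appDomainManagerAssembly value="ExampleLoader, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
    <appDomainManagerType value="ExampleLoader.Manager"/>
  </runtime>
</configuration>"""


def find_appdomain_manager(config_xml: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the AppDomainManager settings declared in a .NET config, or None."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return None  # the CLR would not honour a malformed config either
    runtime = root.find("runtime")
    if runtime is None:
        return None
    found: Dict[str, Optional[str]] = {}
    for name in CONFIG_ELEMENTS:
        element = runtime.find(name)
        if element is not None:
            found[name] = element.get("value")
    return found or None


def find_env_injection(env: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return any APPDOMAIN_MANAGER_* variables present in a process environment."""
    hits = {key: env[key] for key in ENV_VARS if key in env}
    return hits or None


def scan_config_dir(directory: str) -> List[Dict[str, object]]:
    """Walk a directory tree (e.g. a Visual Studio install) and report every
    *.exe.config that declares an AppDomainManager."""
    findings: List[Dict[str, object]] = []
    for dirpath, _, filenames in os.walk(directory):
        for filename in filenames:
            if not filename.lower().endswith(".exe.config"):
                continue
            path = os.path.join(dirpath, filename)
            with open(path, encoding="utf-8-sig", errors="replace") as handle:
                hit = find_appdomain_manager(handle.read())
            if hit:
                findings.append({"config": path, "settings": hit})
    return findings


if __name__ == "__main__":
    print(find_appdomain_manager(BENIGN_CONFIG))   # None
    print(find_appdomain_manager(SUSPECT_CONFIG))  # both declared values
    print(find_env_injection(dict(os.environ)))
```

Run `scan_config_dir` against the Visual Studio installation directories on a suspect host and compare any hit against a known-good install; a legitimate config declaring an AppDomainManager that is not shipped by the vendor is the artifact to pull for analysis.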
Microsoft clarified that the malware does not exploit any vulnerability in OpenAI’s platform but rather misuses the built-in capabilities of the Assistants API, which is set for deprecation in August 2026. Collaborative efforts between Microsoft and OpenAI led to the identification and disabling of the account and API key used in the attacks.
According to Microsoft, the objective of the SesameOp attack was long-term persistence for espionage, consistent with the malware's stealthy design. To reduce exposure to this kind of attack, security teams are advised to audit firewall logs for unexpected connections to api.openai.com, enable tamper protection, run endpoint detection and response (EDR) in block mode, and monitor for unauthorized connections to external services from processes that have no business making them.
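The last recommendation, monitoring for unauthorized connections to external services, is the one most likely to catch this pattern, because the traffic to the OpenAI API is otherwise legitimate-looking TLS to a well-known cloud endpoint. The script below is an added example, not code from the Microsoft report; it runs over constructed sample log lines (made up here, not telemetry from the incident) from an assumed log source that records both the originating process image and the destination hostname, such as a proxy or EDR network log. It flags any process reaching api.openai.com that is not on an organization allow-list, and raises the severity when the image is a Visual Studio utility or a Windows system binary.

```python
"""Flag outbound connections to the OpenAI API from unexpected processes (added example)."""
import re
from typing import Dict, List, Optional

# Constructed sample log lines (made up for this example, not real telemetry).
# Fields: timestamp, host, process image path, destination host, destination port.
# "example-vs-utility.exe" and "ApprovedAI\\assistant.exe" are placeholder names.
SAMPLE_LOG = """\
2025-07-14T09:12:03Z ws-101 C:\\Users\\alice\\AppData\\Local\\Programs\\Python\\python.exe api.openai.com 443
2025-07-14T09:12:41Z ws-102 C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\Common7\\IDE\\example-vs-utility.exe api.openai.com 443
2025-07-14T09:13:10Z ws-102 C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\Common7\\IDE\\devenv.exe marketplace.visualstudio.com 443
2025-07-14T09:15:55Z ws-103 C:\\Windows\\System32\\svchost.exe api.openai.com 443
2025-07-14T09:16:20Z ws-104 C:\\Program Files\\ApprovedAI\\assistant.exe api.openai.com 443
"""

# Path may contain spaces, so it is matched non-greedily between the fixed-shape
# leading fields and the trailing "<dest> <port>" pair.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.+?)\s+(\S+)\s+(\d+)$")

# Destinations worth watching and the images an organization has approved to
# reach them. Both sets are assumptions standing in for a real policy.
WATCHED_HOSTS = {"api.openai.com"}
APPROVED_IMAGES = {r"c:\program files\approvedai\assistant.exe"}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into a record, or return None if it does not fit."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    timestamp, host, image, dest, port = match.groups()
    return {"timestamp": timestamp, "host": host, "image": image,
            "dest": dest, "port": port}


def classify(record: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding for a watched-host connection from an unapproved image."""
    if record["dest"] not in WATCHED_HOSTS:
        return None
    image = record["image"].lower()
    if image in APPROVED_IMAGES:
        return None
    if "\\microsoft visual studio\\" in image:
        severity, reason = "high", "Visual Studio utility contacting the OpenAI API"
    elif image.startswith("c:\\windows\\"):
        severity, reason = "high", "Windows system binary contacting the OpenAI API"
    else:
        severity, reason = "medium", "unapproved image contacting the OpenAI API"
    return {"host": record["host"], "timestamp": record["timestamp"],
            "image": record["image"], "dest": record["dest"],
            "severity": severity, "reason": reason}


def find_suspicious(log_text: str) -> List[Dict[str, str]]:
    """Run the classifier over every parseable line and collect the findings."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        finding = classify(record)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(f'{finding["severity"]:6} {finding["host"]} {finding["image"]} -> {finding["dest"]}: {finding["reason"]}')
```

Note the design choice: the allow-list is keyed on the full image path, not the process name, because the backdoor here ran inside legitimately named Visual Studio utilities. Windows Firewall logs record IP addresses and (on recent builds) a PID rather than hostnames, so in practice the destination column would come from proxy or DNS-correlated EDR telemetry.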