Cybersecurity researchers have uncovered a sophisticated backdoor that exploits OpenAI's legitimate services as a covert command-and-control channel, marking a concerning evolution in how threat actors abuse cloud platforms to evade detection.
Microsoft's Incident Response team discovered SesameOp in July 2025 during an investigation into a long-term espionage campaign. Rather than building traditional infrastructure that security tools can easily spot, the attackers cleverly misused OpenAI's Assistants API—a feature designed for building custom AI agents—to relay commands and steal data from compromised networks.
"This threat does not represent a vulnerability or misconfiguration, but rather a way to misuse built-in capabilities," Microsoft researchers explained. The technique allowed attackers to hide in plain sight, as communications appeared as legitimate traffic to OpenAI's services.
How the Attack Works
SesameOp operates through two components: a loader (Netapi64.dll) and a .NET-based backdoor. The malware queries OpenAI's API to fetch encrypted commands, executes them locally using Microsoft JScript, then sends results back disguised as ordinary API messages. Multiple layers of encryption (both AES and RSA) and GZIP compression keep the payload hidden from security scanners.
The attackers maintained persistence for months using .NET AppDomainManager injection—a stealthy technique that compromises Visual Studio utilities with malicious libraries.
Microsoft and OpenAI jointly investigated the incident and disabled the threat actor's API key. OpenAI confirmed that the compromised account had made only "limited API calls" without accessing AI models directly. The Assistants API is scheduled for deprecation in August 2026.
Organisations should monitor outbound connections to api.openai.com, enable tamper protection in Microsoft Defender, and configure firewalls to block unauthorised cloud service communications. Microsoft Defender now detects SesameOp as Trojan:MSIL/Sesameop.A and Backdoor:MSIL/Sesameop.A.
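As an added illustration of the outbound monitoring advised above (example code, not from Microsoft or the original report), this Python script parses constructed proxy log lines and flags hosts that contact api.openai.com without approval, or that poll it at beacon-like regular intervals; the log layout and the approved-host list are assumptions.

```python
"""Flag hosts that reach api.openai.com without approval, and hosts that poll
it at suspiciously regular intervals (beacon-like behaviour).
Log lines are constructed for this example; the field layout is an assumption."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: timestamp, source host, destination host, bytes sent
SAMPLE_LOG = """\
2025-07-14T09:00:00 WS-FINANCE-07 api.openai.com 1412
2025-07-14T09:05:00 WS-FINANCE-07 api.openai.com 1398
2025-07-14T09:10:00 WS-FINANCE-07 api.openai.com 1420
2025-07-14T09:15:00 WS-FINANCE-07 api.openai.com 1405
2025-07-14T09:02:13 DEV-ML-01 api.openai.com 8832
2025-07-14T09:41:55 DEV-ML-01 api.openai.com 12010
2025-07-14T09:03:00 WS-FINANCE-07 www.microsoft.com 620
"""

APPROVED_HOSTS = {"DEV-ML-01"}       # assumption: hosts allowed to use OpenAI APIs
WATCHED_DOMAINS = {"api.openai.com"}  # destination named in the advisory

def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, sent = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(sent)))
    return events

def find_suspicious(events, approved=APPROVED_HOSTS, min_hits=4, max_cv=0.2):
    """Return {host: [reasons]} for hosts contacting watched domains."""
    by_host = defaultdict(list)
    for ts, src, dst, _ in events:
        if dst in WATCHED_DOMAINS:
            by_host[src].append(ts)
    findings = {}
    for host, stamps in by_host.items():
        reasons = []
        if host not in approved:
            reasons.append("unapproved host contacting OpenAI API")
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Regular command polling shows a low coefficient of variation in gaps
        if len(stamps) >= min_hits and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            reasons.append(f"beacon-like polling every ~{mean(gaps):.0f}s")
        if reasons:
            findings[host] = reasons
    return findings

if __name__ == "__main__":
    for host, why in find_suspicious(parse_log(SAMPLE_LOG)).items():
        print(host, "->", "; ".join(why))
```

On the constructed sample, the approved DEV-ML-01 host is ignored while WS-FINANCE-07 is reported both for being unapproved and for its fixed five-minute polling cadence.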
This discovery highlights how threat actors rapidly adapt to emerging technologies, transforming legitimate cloud services into weapons for espionage campaigns.