Microsoft warns a key OpenAI API is being exploited to launch cyberattacks
OpenAI’s Assistants API serves as a C2 server
- SesameOp malware uses OpenAI’s Assistants API as a covert command-and-control channel
- It enables persistent access, runs commands, and exfiltrates data via encrypted API traffic
- Microsoft urges firewall audits, tamper protection, and endpoint detection to mitigate threats
To operate, malware needs a way to communicate with its “headquarters”, the command-and-control (C2) server. Looking for that suspicious traffic is one of the usual ways security researchers identify malware, which is why attackers go to great lengths to hide these “conversations” in plain sight.
Recently, security researchers from Microsoft discovered a new piece of malware that hides this dialogue in a creative way: it abuses OpenAI’s Assistants API, a programming interface that lets developers integrate OpenAI’s AI “assistant” capabilities into their own applications, products, or services.
"Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised environment," the Microsoft Incident Response team said in the report. "To do this, a component of the backdoor uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands, which the malware then runs."
Used for espionage
The malware is named SesameOp and was discovered in July 2025. It grants its operators persistent access to the compromised environment, along with the usual backdoor capabilities. All of the information grabbed in the attacks is then encrypted and shipped back through the same API channel.
It is also worth emphasizing this is not a vulnerability in OpenAI’s platform, but rather a built-in capability of the Assistants API which is being abused. According to BleepingComputer, the API itself is scheduled for deprecation in August 2026 anyway.
"The stealthy nature of SesameOp is consistent with the objective of the attack, which was determined to be long-term persistence for espionage-type purposes," Microsoft added.
Those worried about potential SesameOp attacks should audit their firewall logs, enable tamper protection, and configure endpoint detection in block mode. They should also monitor for unauthorized connections to external services.
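The last two recommendations (audit firewall logs, watch for unauthorized connections to external services) can be turned into a concrete check. The script below is an added example, not code from Microsoft's report or from TechRadar: it reads constructed egress-log lines, flags hosts that reach the OpenAI API endpoint without being on an approved list, and flags hosts whose connections to that endpoint recur at a near-constant interval, the polling pattern a backdoor fetching commands from a relay would produce. The log format, the field names, the allowlist and the host names are all assumptions made for this example.

```python
"""Added example: review egress logs for unapproved or beacon-like traffic
to the API endpoint SesameOp is reported to abuse. Log layout, host names
and the allowlist are constructed for this example."""
from collections import defaultdict
from datetime import datetime

# Hosts that legitimately integrate the OpenAI API (assumed allowlist).
APPROVED_HOSTS = {"app-backend-01"}

# Destinations to review: the API endpoint named in the report.
WATCHED_DESTINATIONS = {"api.openai.com"}

# Constructed log lines (not real data):
# timestamp | source host | process | destination | bytes sent
SAMPLE_LOG = """\
2025-07-14T10:00:00 app-backend-01 python3 api.openai.com 2140
2025-07-14T10:00:05 fileserver-02 svchost.exe api.openai.com 512
2025-07-14T10:05:05 fileserver-02 svchost.exe api.openai.com 498
2025-07-14T10:10:05 fileserver-02 svchost.exe api.openai.com 530
2025-07-14T10:02:17 hr-laptop-07 chrome.exe www.example.com 8800
2025-07-14T10:03:40 build-agent-03 node api.openai.com 3010
"""


def parse_log(text):
    """Turn whitespace-separated log lines into dicts; skip blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, dest, sent = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "process": proc,
            "dest": dest,
            "bytes": int(sent),
        })
    return records


def unauthorized_api_hosts(records):
    """Hosts that reached a watched destination but are not approved to."""
    return sorted({
        r["host"] for r in records
        if r["dest"] in WATCHED_DESTINATIONS and r["host"] not in APPROVED_HOSTS
    })


def beaconing_hosts(records, min_events=3, tolerance_s=30):
    """Hosts whose connections to a watched destination repeat at a
    near-constant interval (all gaps within tolerance_s of each other).
    Returns (host, average interval in seconds) pairs."""
    by_host = defaultdict(list)
    for r in records:
        if r["dest"] in WATCHED_DESTINATIONS:
            by_host[r["host"]].append(r["ts"])
    flagged = []
    for host, times in by_host.items():
        times.sort()
        if len(times) < min_events:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= tolerance_s:
            flagged.append((host, round(sum(gaps) / len(gaps))))
    return flagged


def review(text):
    """Run both checks over a log and return the findings."""
    records = parse_log(text)
    return {
        "unapproved": unauthorized_api_hosts(records),
        "beaconing": beaconing_hosts(records),
    }


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

On the constructed log, the build agent is reported only as unapproved, while the file server is reported both as unapproved and as beaconing every 300 seconds from a system process, which is the combination worth escalating. Because the traffic is TLS to a legitimate service, content inspection will not help; the source host, the process and the timing are what distinguish a real integration from abuse.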
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.