Security Intelligence
Loading table of contents...
In a report published November 3, Microsoft detailed a new malware campaign leveraging the OpenAI Assistants Application Programming Interface (API) as a covert command-and-control (C2) channel.
The OpenAI Assistants API, a cloud-based interface designed to facilitate conversational workflows and automation, was used to relay attacker instructions.
The threat actors planted a backdoor, named SesameOp, by leveraging .NET AppDomainManager injection to load malicious code into Microsoft Visual Studio processes. The malicious tools were disguised as legitimate developer utilities, including a fake Visual Studio debugger executable.
Once deployed, the malware communicated with the OpenAI Assistants API to receive malicious commands embedded in benign-looking interactions. This tactic allowed the threat actor to bypass traditional detection mechanisms and maintain persistence for several months.
Microsoft has not attributed the campaign to a specific actor and has not disclosed the targeted organization.
Analyst insight
This tactic is notable for its use of an AI interface as a command-and-control (C2) mechanism.
To detect malicious use of chatbot APIs like the OpenAI Assistants API, defenders should monitor for unusual outbound traffic patterns, especially frequent or scripted interactions with AI endpoints that do not align with expected business workflows.
In the case of SesameOp, attackers embedded commands in benign-looking API calls that blended into normal traffic, making traditional domain or IP-based filtering ineffective.
The Assistants API will be deprecated in August 2026, which may eliminate this specific vector. However, the broader tactic is likely to become more widespread if threat actors leverage other trusted cloud-hosted services as C2 channels.
Microsoft Defender for Endpoint has released detection signatures for SesameOp. Field Effect MDR clients will be alerted to the malicious use of AppDomainManager injection and Visual Studio utilities.
Organizations should consider implementing stricter controls on cloud API access and auditing developer tool usage across environments. This includes auditing Visual Studio usage, monitoring outbound API traffic for anomalies, and reviewing access to cloud-based AI services.
Stay on top of emerging threats like this.
Sign up to receive a weekly roundup of our security intelligence feed. You'll be the first to know of emerging attack vectors, threats, and vulnerabilities.
.jpg)
.jpg)