SMB Tech & Cybersecurity Leadership Newsletter

SesameOp: The New Backdoor Abusing OpenAI API for C2

Microsoft finds malware using the Assistants API for stealthy command and control. Learn how this espionage tactic works and how to mitigate it.

Christophe Foulon 📓
Nov 04, 2025
∙ Paid

Beyond the Hype: How the “SesameOp” Backdoor Turns OpenAI into a Stealthy C2 Channel (And How to Fight Back)

In the cybersecurity world, we often talk about attackers “living off the land”—using a victim’s own internal tools (like PowerShell or WMI) to avoid detection. But what happens when they start “living off the trusted service”?

We’re now seeing the answer. Security researchers at Microsoft have uncovered a novel backdoor, dubbed “SesameOp,” that cleverly abuses the OpenAI Assistants API, not for generating text, but as a stealthy, encrypted command-and-control (C2) channel.

This discovery, detailed by both The Hacker News and SecurityWeek, marks a significant evolution in attacker tactics. It turns a universally trusted, high-reputation service into a covert tool for espionage.

Here’s a breakdown of how it works and, more importantly, how you can defend against this new class of threat.
