On Monday, Microsoft’s Detection and Response Team (DART) revealed that the OpenAI Assistants API is being exploited as a malware backdoor, known as SesameOp. This backdoor allows cybercriminals to conduct prolonged espionage operations by utilizing the API for stealthy command-and-control communications. Researchers discovered this threat during an investigation into a sophisticated security incident in July. The Assistants API, which enables developers to integrate OpenAI tools like ChatGPT into applications, is being misused to manage compromised devices undetected and relay malicious commands. To combat the SesameOp exploit, Microsoft recommends regular audits of firewalls and web server logs, along with configuring perimeter firewalls to prevent unauthorized access. With the impending deprecation of the OpenAI Assistants API, developers should transition to the upcoming Responses API. For a detailed mitigation strategy, refer to the latest Microsoft Incident Response publication.
Keywords: OpenAI Assistants API, cybersecurity, malware backdoor, SesameOp, espionage, Microsoft DART.
