Microsoft's Detection and Response Team (DART) discovered a new backdoor named SesameOp, which exploits the OpenAI Assistants API for command-and-control (C2) communications. This marks a departure from traditional C2 methods, as threat actors use OpenAI's legitimate service to stealthily manage compromised systems. The backdoor was identified during a security incident in July 2025, revealing that attackers had maintained access for months through a network of internal web shells and compromised Microsoft Visual Studio utilities. SesameOp operates using a loader (Netapi64.dll) and a backdoor component (OpenAIAgent.Netapi64). The loader is heavily obfuscated, employs Eazfuscator.NET for stealth, and creates specific files in the Windows Temp directory to maintain operations. The backdoor itself fetches commands using the OpenAI API, decrypts them, and executes tasks locally. It also compresses and encrypts communications to avoid detection while sending results back to OpenAI. The backdoor’s configuration includes an API key, a dictionary key, and a proxy address, allowing it to operate under the radar. The malware can create a "vector store" using the hostname of the infected machine, enabling it to interact with the OpenAI platform. It retrieves a list of custom AI Assistants, which are tailored for specific tasks. Depending on the response from OpenAI, SesameOp can either pause operations (SLEEP), execute a payload, or return results. The detailed interaction with the API allows the backdoor to remain undetected while executing malicious commands, showcasing a sophisticated level of integration with legitimate software and services.