New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations | CSO Online

Microsoft has uncovered a new backdoor named SesameOp that abuses the OpenAI Assistants API for covert command-and-control (C2) operations, making detection difficult by using legitimate API functions. The technique evades traditional detection by masking malicious traffic as benign API calls to api.openai.com.

Edward Kiledjian @ekiledjian