AI as tradecraft: How threat actors operationalize AI

Summary: Microsoft researchers discovered a new backdoor called SesameOp that uses the OpenAI Assistants API for command and control communications, highlighting how threat actors are increasingly leveraging AI in their operations.

In November 2025, Microsoft Incident Response – Detection and Response Team (DART) identified a new backdoor known as SesameOp. This threat leverages the OpenAI Assistants Application Programming Interface (API) to establish command-and-control communications. By integrating AI into their operations, threat actors are expanding their capabilities and posing greater challenges for security teams.

Key facts

  • A new backdoor called SesameOp was discovered.
  • It uses the OpenAI Assistants API for command-and-control communications.

Why it matters

This development underscores the need to adapt cybersecurity strategies as attacker tactics evolve. As threat actors adopt more sophisticated AI tools, traditional methods may become insufficient, requiring a shift toward more advanced detection and response mechanisms.