Profile
Microsof...
Microsoft warns OpenAI API exploited
November 5, 2025 -
2 minutes, 3 seconds
What happened? — Microsoft warns a key OpenAI API is being exploited to launch cyberattacks
Microsoft says attackers are abusing OpenAI’s Assistants API to hide command-and-control (C2) traffic, allowing malware to receive encrypted instructions and exfiltrate data. This technique turns legitimate-looking AI API calls into a stealthy relay, making detection harder for traditional network monitoring.
How does the exploit work? — Microsoft warns a key OpenAI API is being exploited to launch cyberattacks
Researchers detail that the backdoor uses the Assistants API as a storage/relay for commands (SesameOp is one reported example), fetching and executing instructions from API responses. Because traffic goes over encrypted HTTPS to a trusted AI endpoint, attackers can blend malicious activity with normal cloud traffic.
How can organizations respond? — Microsoft warns a key OpenAI API is being exploited to launch cyberattacks
Microsoft recommends immediate steps: audit firewall rules, enforce tamper protection, tighten credential storage, and enable robust endpoint detection and response (EDR). Prioritize least-privilege API keys, monitor unusual API usage patterns, and block or throttle unexpected external AI API communications.
What should users and admins do now? — Microsoft warns a key OpenAI API is being exploited to launch cyberattacks
If you manage endpoints or networks, rotate API keys, enable multifactor and tamper protections, and review logs for anomalous outbound calls to AI services. For readers: keep devices patched, back up important data, and ask your IT team whether they’ve implemented Microsoft’s suggested mitigations.
Related Posts
Contact Information
Suggested Writers
-
2.4K articles
-
1.3K articles
-
34 articles
-
28 articles








Comment