Table of Contents
Are Your AI Tools Safe? How Microsoft’s Vital Discovery Helps Protect You From the Dangerous SesameOp Threat.
A new, sneaky kind of computer attack has been found by experts at Microsoft. They call it “SesameOp.” This attack uses a popular Artificial Intelligence (AI) tool from a company called OpenAI in a way that was never intended. Bad actors are using the AI tool to hide their secret messages and control their computer viruses.
How the Attack Works
Think about how a spy works. Instead of using a special radio that good guys can find, the spy sends secret messages through the regular mail. The bad actors behind SesameOp do something similar. They hide their commands inside OpenAI’s system, which many companies use and trust. The bad software on a hacked computer knows to look in this hiding spot for its orders. This makes the attack very hard to notice because the secret messages look like normal, safe computer traffic.
The primary components of this attack include:
- A Secret Entrance: The attackers create a hidden way, called a backdoor, into a computer system.
- Abusing a Trusted Service: They use OpenAI’s Assistant API, a trusted and common tool, as their secret mailbox.
- Sending Secret Orders: The attackers leave commands in the API for their malware to pick up and execute.
- Staying Hidden: This method helps the attackers avoid security tools that look for unusual communication channels.
The Goal of the Attack
The main reason for this attack is to spy on people and companies for a very long time. The attackers want to stay inside a computer system without anyone knowing. This allows them to quietly steal information over weeks or even months. Microsoft’s security team found this attack while helping a company that had been hacked. The discovery shows how attackers are always finding creative new ways to misuse technology for espionage.