Open SesameOp: Abusing trusted AI platforms to host a C2 server

Open SesameOp: Abusing trusted AI platforms to host a C2 server

From Microsoft Threat Intelligence Podcast by Microsoft

January 14, 2026 · 36 min · Season 3 · Episode 60

About this episode

The episode discusses the abuse of trusted AI platforms for command-and-control by threat actors and the evolving tactics of ransomware groups.

To kick off Season 3 of Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Jonathan Checchi. Our guests examine two developments shaping today’s threat landscape: the cloud-native evolution of ransomware group Storm-0501 and the SesameOp backdoor’s abuse of trusted AI platforms for stealthy command-and-control. The discussion highlights how identity, hybrid-cloud pivot points, and federated authentication enable high-impact attacks without traditional malware, and why policy-compliant platform abuse is becoming harder to detect. Sherrod, Anna, and Jonathan provide guidance for defenders around enforcing MFA, tightening conditional access and identity controls, monitoring across cloud and on-prem environments, and partnering with platform providers to disrupt emerging attacker tradecraft. In this episode you’ll learn: What happens when threat actors gain control of highly privileged identities Why monitoring identity behavior is as critical as monitoring endpoints How attacker tactics are adapting to environments that blend cloud and on-prem systems Some questions we ask: What does recent threat activity tell…

People in this episode

Host: Sherrod DeGrippo

Guests: Anna Seitz, Jonathan Checchi

Topics covered

  • cloud-native ransomware
  • AI platform abuse
  • command-and-control
  • identity monitoring
  • federated authentication
  • high-impact attacks

Keywords

  • ransomware
  • cloud security
  • identity management
  • AI integration
  • MFA
  • conditional access
  • threat landscape

Mentioned in this episode

Organizations: Microsoft, Storm-0501, SesameOp

More episodes of Microsoft Threat Intelligence Podcast

Explore listener stats, chart rankings, contacts and more on the Microsoft Threat Intelligence Podcast podcast page.