All news with #openai api tag

🔐 Researchers disclosed a major data exposure at Moltbook on January 31, 2026, revealing 35,000 emails and 1.5 million agent API tokens across 770,000 agents. Private messages contained plaintext third-party credentials, including OpenAI API keys, creating what the article calls a toxic combination — cross-app permissions that compound risk. The piece urges shifting review from single apps to the bridges between them and highlights procedural controls and dynamic SaaS security platforms like Reco to monitor runtime trust relationships and revoke risky tokens before exfiltration.

🔒 Kaspersky has extended Kaspersky Container Security with support for the OpenAI API, allowing organizations to connect local or third‑party large language models that implement that API. The integrated AI assistant analyzes uploaded container images, describes their contents and behavior, performs independent risk assessments, and suggests mitigations to speed investigations and decision-making. The update also brings single sign‑on and multi‑domain Active Directory support, faster image scanning, and enhanced security policy capabilities to the Kaspersky Cloud Workload Security suite.

🔒 Amazon Bedrock now supports AWS PrivateLink for the bedrock-mantle endpoint, enabling private network access to OpenAI API-compatible service endpoints. The bedrock-mantle endpoint is powered by Project Mantle, a distributed inference engine that simplifies model onboarding and delivers serverless, high-performance inference with QoS controls and higher default quotas. This expansion gives enterprises a private connectivity option across multiple AWS Regions for building and scaling generative AI applications.

🚀 Amazon Bedrock now exposes an OpenAI-compatible Responses API on new service endpoints, enabling asynchronous inference for long-running workloads, streaming and non-streaming modes, and automatic stateful conversation reconstruction so developers no longer must resend full histories. The endpoints provide Chat Completions with reasoning-effort support for models served by Mantle, Amazon’s distributed inference engine. Integration requires only a base URL change for OpenAI SDK–compatible code, and support starts today for OpenAI’s GPT OSS 20B and 120B models, with additional models coming soon.

🔒 Microsoft’s Detection and Response Team (DART) detailed a novel .NET backdoor called SesameOp that leverages the OpenAI Assistants API as a covert command-and-control channel. Discovered in July 2025 during a prolonged intrusion, the implant uses a loader (Netapi64.dll) and an OpenAIAgent.Netapi64 component to fetch encrypted commands and return execution results via the API. The DLL is heavily obfuscated with Eazfuscator.NET and is injected at runtime using .NET AppDomainManager injection for stealth and persistence.

🔐 Microsoft security researchers identified a new backdoor, SesameOp, which abuses the OpenAI Assistants API as a covert command-and-control channel. Discovered during a July 2025 investigation, the backdoor retrieves compressed, encrypted commands via the API, decrypts and executes them, and returns encrypted exfiltration through the same channel. Microsoft and OpenAI disabled the abused account and key; recommended mitigations include auditing firewall logs, enabling tamper protection, and configuring endpoint detection in block mode.