What I Learned at DEFCON: AI Malware, Quantum Threats & a Crash Course in Human Psychology

By Ben Wright, Information Security Manager and Senior Technician at IT Desk

Attending DEFCON in Las Vegas this year felt like stepping into the epicentre of the cybersecurity world. It’s one thing to stay on top of cybersecurity trends from behind a desk—reading threat intelligence reports, updating policies, tuning systems. It’s another to be surrounded by the minds shaping tomorrow’s threat landscape in real time.

This wasn’t just a conference—it was an immersive experience into everything that's coming next in cyber security. From AI-powered malware to disturbingly effective social engineering tactics, and even deep dives into quantum computing, DEFCON delivered insights that were as fascinating as they were sobering. Here are my key takeaways—not only from DEFCON itself, but from the long-haul work trip that gave me time to reflect and recharge.

AIMAL: AI-Powered Malware That Writes Itself 😳

One of the most jaw-dropping sessions at DEFCON was a demolab on AIMAL (Artificially Intelligent Malware Launcher). This AI tool is engineered to rewrite its own code, dynamically evading antivirus, EDR, and IDS detection in real-time. In the demo, AIMAL bypassed ESET AV—live.

It was equally impressive and unsettling.

This is no longer science fiction. The AI arms race between attackers and defenders is well underway. Signature-based detection is no longer enough—adaptive, machine learning-powered defences are now essential.

At IT Desk, we’re already investing in layered detection and behavioural analytics, but DEFCON was a stark reminder: the adversary is evolving fast.

Social Engineering Village: The Most Dangerous Hackers Don’t Need Code

Watching live social engineering calls at the Social Engineering Village was both fascinating and deeply unsettling.

These professionals used public information—often scraped from company websites or LinkedIn—to build trust and extract sensitive data. In one case, a vishing caller got a staff member to reveal their organisation’s MFA provider simply by being friendly and persistent.

It made me reflect: if someone rang your company asking to “check” a website, would you question their intent—or just follow instructions?

Technology can only go so far. People are a critical piece in the cyber security puzzle, and human firewall training needs to be continuous, not just an annual tick-box exercise.

Quantum Computing: The Countdown Has Begun ⏳

The standout keynote for me was “POST-QUANTUM PANIC” by Konstantinos Karagiannis. He warned that quantum computing may arrive sooner than expected, with major breakthroughs possible before 2030.

NIST has advised organisations to move to quantum-resistant encryption by 2035—but that timeline may already be too generous. Karagiannis argued that state actors and cybercriminals may already be harvesting encrypted data, planning to decrypt it once quantum tools catch up.

The biggest concern? Quantum decryption could happen silently and offline. You may never know your secrets have been compromised.

At IT Desk, we’re beginning our roadmap towards post-quantum cryptography. It's not a panic—but it is urgent.

Packet Hacking Village: Where Learning is Loud, Hands-On, and Humbling

Imagine a darkened room pulsing with music, packet captures on every screen, and hackers solving challenges faster than you can blink. Welcome to the Packet Hacking Village.

The Wall of Sheep—a live feed displaying usernames and passwords sniffed from unsecured HTTP traffic—was both hilarious and horrifying. A stark reminder: even now, people are transmitting sensitive data over insecure connections.

This is why basic security hygiene—like using VPNs, enforcing HTTPS, and avoiding public Wi-Fi without encryption—still matters. The fundamentals are fundamental for a reason.

A Chat with Jack Rysider: Privacy, Policy & the Global Digital Tide 🎙️

One of the more insightful moments of the trip was a conversation with Jack Rysider, creator of the Darknet Diaries podcast. We explored the evolving landscape of online privacy, particularly in the UK, and the delicate balance between effective regulation and individual freedoms.

Jack offered a global perspective on how technology policy can shape innovation - highlighting how even well-intentioned laws can sometimes lead to unintended consequences like increased oversight or restricted access.

This isn't just theoretical. It's practical concern for any organisation operating in a data-driven world. Shifts in regulation can have significant operational implications, especially in sectors where data is a core asset.

Off the Clock, But Not Off the Record

One of the most memorable parts of the trip was a steak dinner with a wildly eclectic crew: a NASA satellite operator, a pilot, an underwater internet cable technician, a SANS instructor, and more. The conversation flowed from tech to philosophy to politics and back again.

What struck me most was the shared curiosity and integrity in the room. We all want to build a more secure, open, and resilient world. DEFCON, for all its intensity, was also a celebration of that shared mission.

What DEFCON 2025 Means for IT Desk (and You)

So, what does all this mean for us back at home? Here’s what I’m taking forward:

✅ AI threats are real—and already here.

✅ Human error remains the easiest way in—security culture is vital.

✅ Quantum computing is closer than we think—start planning today.

✅ Collaboration is our greatest strength—inside and outside the organisation.

DEFCON reaffirmed my belief that security is a mindset, not a tool. At IT Desk, we're continuing to build solutions that protect our clients from today’s threats—and tomorrow’s.

Not Your Average MSP: Why We Went the Extra Mile

In the UK, most MSPs tend to circulate within the same local events, panels, and networking circles. There’s a familiar rhythm to it—comfortable, predictable, and often limited in scope. But cybersecurity doesn’t operate within borders, and neither should we.

At IT Desk, we believe that staying ahead means stepping outside the echo chamber. That’s why we didn’t just attend another UK-based tech expo—we flew halfway across the world to DEFCON, the most renowned hacking and cybersecurity convention on the planet.

It wasn’t just about the talks or the tech. It was about seeing the other side—the raw, unfiltered edge of cybersecurity where innovation meets confrontation. Most UK MSPs wouldn’t dare to go there. We did.

Because we’re not here to follow the crowd. We’re here to lead, learn, and bring back insights that genuinely move the needle for our clients.

Beyond the Hacker Halls: Vegas, Teslas & Time to Reflect 🚗🌆

Not only was DEFCON eye-opening, but the entire experience of travelling long-haul for work was genuinely unforgettable. Between the mind-bending talks, workshops, and late-night infosec conversations, I managed to carve out a bit of time to explore Las Vegas—a place that feels like its own simulation inside the simulation.

I wandered up and down the Strip, soaking in the iconic chaos: the towering Luxor pyramid, the (somewhat uncanny) Statue of Liberty, and even a full-on Italian-themed shopping centre that looked like Venice had been ported into a casino. And of course, The Sphere—that glowing digital monolith—was every bit as surreal as the hype suggests.

One highlight? Riding the Tesla Loop underneath the Las Vegas Convention Centre. It honestly felt like I was in a sci-fi film—zipping silently through neon-lit tunnels in a Model Y. Tech meets transport in the most Vegas way possible.

Oh, and the cars! I spotted classic Corvettes, vintage Ferraris, and even a few Cybertrucks cruising around the city. It was car-spotter heaven, and a brilliant contrast to the digital worlds we were immersed in during the day.

All in all, the trip was an incredibly rewarding blend of professional development and personal exploration—a reminder of just how lucky I am to call this part of my job. Here’s to the next one!

Need to harden your security posture for the future?

Get in touch. IT Desk helps businesses like yours stay proactive, prepared, and protected.