Posted on March 4, 2026
The global maritime industry is adopting artificial intelligence (AI) at unprecedented speed to streamline operations, recruitment, and vessel maintenance. However, this digital acceleration is creating a dangerous opening. Cyberattacks unfold autonomously and almost invisibly. Often, these happen before defenders even realise a breach has begun.
New industry data shows that up to 60 percent of newly disclosed software vulnerabilities across ships, ports, and offshore assets are now weaponised within 48 hours.
The shift is stark. In 2018, attackers typically took 63 days to exploit a newly published flaw. By 2024, that window had collapsed to five days. Today, AI‑powered hacking tools have reduced it to less than 48 hours. In some cases, systems are targeted within 15 minutes of a vulnerability being detected.
A new research paper from maritime cybersecurity firm Cydome warns that 87 percent of organizations now view AI‑related vulnerabilities as their fastest‑growing threat. This signals a collapse of the traditional security response cycle.
Tetsuji Madarame, a maritime and logistics expert and former Head of Digital Transformation and Innovation at NYK Line, said that as AI moves rapidly from a generative to agentic and physical model, expanding capabilities into autonomous navigation and optimal fleet operations, “protecting AI-related assets must be a top priority.”
The proliferation of edge‑network devices — routers, firewalls, VPNs, and satellite terminals — is creating new vulnerabilities across maritime operations
AI enables “flawless deception” at scale
The report highlights how AI is transforming the sophistication and speed of social‑engineering attacks. According to Cydome:
- 83 percent of phishing emails targeting multinational crews are now AI‑generated, written in native languages and tailored to cultural nuances.
- Voice phishing (vishing) has surged 1,600 percent, driven by AI tools capable of cloning executive speech patterns with near‑perfect accuracy.
- Identity fraud has risen 195 percent, fuelled by AI‑enhanced images, deepfake videos, and automated location masking.
One high‑profile case involved a European energy major that lost $25 million after attackers used a deepfake audio clone of the company’s CFO to authorize an urgent wire transfer.
The voice matched the executive’s tone, dialect, and cadence so precisely that staff complied without hesitation.
In another incident, a $200,000 compensation payment intended for the family of a deceased seafarer was diverted. Criminals used an AI‑powered email interceptor to alter account details.
Cydome also documents a case in which a company unknowingly hired an infiltrator. The infiltrator used an AI‑manipulated photograph and a stolen identity to pass four separate video interviews. Furthermore, the operative used a “laptop farm” to bypass location checks and attempted to access internal servers.
The report warns that the broader digital ecosystem is now saturated with autonomous agents. In fact, 82 AI identities operate online for every one human identity. As a result, this complicates authentication and trust.
Theofano Somaripa, Group CIO of dry bulk operator Newport S.A, believed that cyber-attacks in 2026 will be defined by a “shift in focus from digitalization to the radical restructuring of business models through AI”.
AI is delivering major operational efficiencies, but it is also enabling attackers to deploy autonomous, adaptive, and nearly undetectable cyberattacks
The weakest link: Edge devices under siege
The proliferation of edge‑network devices — routers, firewalls, VPNs, and satellite terminals — is creating new vulnerabilities across maritime operations. Additionally, Cydome reports an 800 percent increase in attacks on edge infrastructure in 2025. Notably, 20 percent directly target firewalls and VPNs.
One of the most striking examples involved the Lab Dookhtegan hacktivist group, which managed to disconnect 116 tankers from the internet by wiping the “network edge” of their satellite connectivity provider.
Attackers erased VSAT partitions on ship hard drives, cutting off all communications, including ship‑to‑shore VOIP services. The incident created severe operational, safety, and compliance risks.
Katerina Raptaki, IT Manager at Greek shipping company Navios, said that shipping companies are deploying AI faster than they are defining cyber accountability.”
“In 2026, the question after an incident won’t be was the AI wrong?’ but why was it trusted?”
A sector racing against its own digital transformation
The Cydome Maritime Cyber Trends Report 2026: What Shipping Executives Need to Know draws on operational data and incident logs. It also pulls insights from 13 industry leaders, including shipowners and classification societies. Its findings paint a picture of an industry modernizing faster than it can secure itself.
AI is delivering major operational efficiencies. However, it is also enabling attackers to deploy autonomous, adaptive, and nearly undetectable cyberattacks.
As the maritime sector becomes more connected, the report warns that the next major cyber incident may unfold too quickly for human intervention.
Shipping companies are deploying AI faster than they are defining cyber accountability
Øystein Brekke-Sanderud, Head of Maritime OT/ICS Security at NORMA Cyber, said: “In 2026, the most significant cybersecurity risk will come from inside the perimeter.
“As organizations become more digitally integrated, insider risk, whether malicious, compromised, or accidental, will be one of the hardest challenges to detect and manage. Resilience will increasingly depend on how well we detect subtle signals early, not just how well we defend the edge.”
Panagiotis Anastasiou, Cyber Security Strategy Leader with Bureau Veritas Marine & Offshore added: “Attacks are inevitable and, as an incidents analysis indicates, are becoming more sophisticated; the differentiator will be how quickly and safely a shipping company can detect, respond, and continue operations.”
