The  speed with which the global maritime industry is adopting AI technology to optimise operations, recruitment and maintenance is leaving the sector open to a swift, autonomous cyber-attack that is almost impossible to detect before it’s too late.

New data shows that up to 60% of all newly disclosed software vulnerabilities on ship, onshore and offshore are being weaponised within 48 hours as hackers also begin to use AI to accelerate attacks.

In 2018, the average time from new software vulnerabilities being published to an actual  attack was 63 days; by 2024, it had fallen to five days. Today, AI-driven tools have reduced the hacking window to less than 48 hours, with many systems being targeted within just 15 minutes of a system flaw being detected.

Tetsuji Madarame, a distinguished maritime and logistics expert and former Head of Digital Transformation and Innovation at NYK Line, says that as AI moves rapidly from a generative to agentic and physical model, expanding capabilities into autonomous navigation and optimal fleet operations, “protecting AI-related assets must be a top priority.”

Findings from a Cydome security research paper published this week indicates that  87% of organisations now view AI-related vulnerabilities as the fastest-growing risk, highlighting a dangerous collapse in the traditional security response window. While the technology streamlines operations, it also enables the nefarious to carry out “flawless deception”.

Theofano Somaripa, Group CIO with dry bulk operator Newport S.A, says that cyber-attacks in 2026 will be defined by a “shift in focus from digitalisation to the radical restructuring of business models through AI”.

The report notes that 83% of phishing emails already use AI to target multi-national crews in their native language, and in a way that instantly establishes trust. This has led to a 1600% surge in voice phishing (vishing), where AI clones the speech pattern  of C-suite executives to authorise fraudulent transactions.

In a one incident, this type of AI-based skullduggery was used to fleece a European energy major out of US$25 million, when attackers used a deepfake audio clone of the company's CFO to instruct staff to carry out an urgent wire transfer. The voice was so precise in tone, dialect and cadence that the money was gone in a flash.

In a different incident, a US$200,000 crew compensation payment was diverted using an AI-based email interceptor to a criminal’s own account rather than to the family of the deceased seafarer.

And further illustrative of the 195% increase in AI-driven identity fraud, a firm unknowingly hired an operative who used an AI-enhanced photograph and a stolen identity to pass four separate video interviews. Bypassing standard captcha-style verification processes, the fraudster used a "laptop farm" to mask their true location while attempting to infiltrate the company's internal servers.

This mirrors a broader identity crisis where 82 autonomous AI agents now operate on the internet for every one human identity.

Shipping companies are deploying AI faster than they are defining cyber accountability," warns Katerina Raptaki, IT Manager at Greek shipping company Navios, in the report. "In 2026, the question after an incident won't be was the AI wrong?' but why was it trusted?”

Data suggests that system trust is also being eroded with the proliferation of edge network devices, such as routers, firewalls, and VPNs. According to Cydome this “digital gateway” was routinely exploited, with attacks increasing in 2025 by 800%, of which 20% targeted firewalls and VPNs directly.

The report reveals that it was in fact the wiping of “the network edge” that allowed Lab Dookhtegan hacktivists to disconnect a fleet of 116 tankers from the internet and the outside world.

By compromising the infrastructure of the connectivity provider, VSAT partitions on the ships hard drive were completely wiped. This resulted in a total loss of connectivity, substantial operational and safety risks, and compliance and legal issues. Hackers seized control of all ship-to-shore VOIP services.

“In 2026, the most significant cybersecurity risk will come from inside the perimeter,” says Øystein Brekke-Sanderud, Head of Maritime OT/ICS Security at NORMA Cyber. “As organisations become more digitally integrated, insider risk, whether malicious, compromised, or accidental,  will be one of the hardest challenges to detect and manage. Resilience will increasingly depend on how well we detect subtle signals early, not just how well we defend the edge."

Panagiotis Anastasiou, Cyber Security Strategy Leader with Bureau Veritas Marine & Offshore furthers: “Attacks are inevitable and, as an incidents analysis indicates, are becoming more sophisticated; the differentiator will be how quickly and safely a shipping company can detect, respond, and continue operations.”

The Cydome Maritime Cyber Trends Report 2026: What Shipping Executives Need to Know, draws on operational data, incident records and executive commentary from across the global maritime sector, with data and insight from 13 industry leaders, including shipowners and classification societies.

The full report is available at https://cydome.io/cydome-maritime-trends-report-2026/

About Cydome

Cydome delivers a smarter, proactive and more resilient approach to maritime cybersecurity. Its independent and unbiased cybersecurity for maritime vessels and companies brings to light and prevents risks that companies aren’t even aware of. Remote facilities operations such as vessels and offshore facilities require uncompromising cybersecurity that does not add an operational overhead.

Cydome was established by a group of cyber and marine experts. Its headquarters are in the United Kingdom, with several other branches supporting operations around the globe. https://cydome.io

For further information, please contact:

Seaborne Communications PR
Email: pr@seabornecomms.com
Web: www.seabornecomms.com