The speed with which the global maritime industry is adopting AI technology to optimise operations, recruitment and maintenance is leaving the sector open to a swift, autonomous cyberattack that is almost impossible to detect before it is too late, according to research by cyber security specialist Cydome.

New data shows that up to 60% of all newly disclosed software vulnerabilities on ship, onshore and offshore are being weaponised within 48 hours as hackers also begin to use AI to accelerate attacks. In 2018, the average time from new software vulnerabilities being published to an actual attack was 63 days; by 2024, it had fallen to five days. Today, AI-driven tools have reduced the hacking window to less than 48 hours, with many systems being targeted within just 15 minutes of a system flaw being detected.

Findings from the Cydome security research paper indicate that 87% of organisations now view AI-related vulnerabilities as the fastest-growing risk, highlighting a dangerous collapse in the traditional security response window. While the technology streamlines operations, it also enables the nefarious to carry out “flawless deception”.

The report notes that 83% of phishing emails already use AI to target multi-national crews in their native language, and in a way that instantly establishes trust. This has led to a 1600% surge in voice phishing (vishing), where AI clones the speech pattern of C-suite executives to authorise fraudulent transactions.

Data suggests that system trust is also being eroded with the proliferation of edge network devices, such as routers, firewalls, and VPNs. According to Cydome this ‘digital gateway’ was routinely exploited, with attacks increasing in 2025 by 800%, of which 20% targeted firewalls and VPNs directly.

The report reveals that it was in fact the wiping of ‘the network edge’ that allowed Lab Dookhtegan hacktivists to disconnect a fleet of 116 tankers from the internet and the outside world. By compromising the infrastructure of the connectivity provider, VSAT partitions on the ships hard drive were completely wiped. This resulted in a total loss of connectivity, substantial operational and safety risks, and compliance and legal issues. Hackers seized control of all ship-to-shore VOIP services.

Øystein Brekke-Sanderud, head of maritime OT/ICS Security at NORMA Cyber, said: “In 2026, the most significant cybersecurity risk will come from inside the perimeter. As organisations become more digitally integrated, insider risk – whether malicious, compromised, or accidental – will be one of the hardest challenges to detect and manage. Resilience will increasingly depend on how well we detect subtle signals early, not just how well we defend the edge.”

---