Cydome: Growing AI use by maritime sharply increases the risk of a cyber attack

According to the company, new data shows that up to 60% of all newly disclosed software vulnerabilities on ship, onshore and offshore are being weaponized within 48 hours as hackers also begin to use AI to accelerate attacks.

In 2018, says Cydome, the average time from new software vulnerabilities being published to an actual attack was 63 days; by 2024, it had fallen to five days. Today, AI-driven tools have reduced the hacking window to less than 48 hours, with many systems being targeted within just 15 minutes of a system flaw being detected.

Tetsuji Madarame, former head of digital transformation and innovation at NYK Line, says that as AI moves rapidly from a generative to agentic and physical model, expanding capabilities into autonomous navigation and optimal fleet operations, “protecting AI-related assets must be a top priority.”

Findings from a Cydome security research paper published this week indicates that 87% of organizations now view AI-related vulnerabilities as the fastest-growing risk, highlighting a dangerous collapse in the traditional security response window. While the technology streamlines operations, it also enables bad actors to carry out “flawless deception”.

Theofano Somaripa, group CIO with dry bulk operator Newport S.A, says that cyber-attacks in 2026 will be defined by a “shift in focus from digitalization to the radical restructuring of business models through AI”.

The report, which quotes a number of industry leaders, notes that 83% of phishing emails already use AI to target multi-national crews in their native language, and in a way that instantly establishes trust. This has led to a 1600% surge in voice phishing (vishing), where AI clones the speech pattern of C-suite executives to authorise fraudulent transactions.

In a one incident, says Cydome, “this type of AI-based skullduggery was used to fleece a European energy major out of $25 million, when attackers used a deepfake audio clone of the company’s CFO to instruct staff to carry out an urgent wire transfer. The voice was so precise in tone, dialect and cadence that the money was gone in a flash.”

In a different incident, a $200,000 crew compensation payment was diverted using an AI-based email interceptor to a criminal’s own account rather than to the family of the deceased seafarer.

And further illustrative of the 195% increase in AI-driven identity fraud, a firm unknowingly hired an operative who used an AI-enhanced photograph and a stolen identity to pass four separate video interviews. Bypassing standard captcha-style verification processes, the fraudster used a “laptop farm” to mask their true location while attempting to infiltrate the company’s internal servers.

This mirrors a broader identity crisis where, says Cydome, 82 autonomous AI agents now operate on the internet for every one human identity.

‘Shipping companies are deploying AI faster than they are defining cyber accountability,” Katerina Raptaki, IT manager at Navios, warns in the report. “In 2026, the question after an incident won’t be “was the AI wrong?’ but why was it trusted?”

Data suggests that system trust is also being eroded with the proliferation of edge network devices, such as routers, firewalls, and VPNs. According to Cydome this “digital gateway” was routinely exploited, with attacks increasing in 2025 by 800%, of which 20% targeted firewalls and VPNs directly.

The report reveals that it was in fact the wiping of “the network edge” that allowed Lab Dookhtegan hacktivists to disconnect a fleet of 116 tankers from the internet and the outside world.

By compromising the infrastructure of the connectivity provider, VSAT partitions on the ships hard drive were completely wiped. This resulted in a total loss of connectivity, substantial operational and safety risks, and compliance and legal issues. Hackers seized control of all ship-to-shore VOIP services.

“In 2026, the most significant cybersecurity risk will come from inside the perimeter,” says Øystein Brekke-Sanderud, head of maritime OT/ICS security at NORMA Cyber. “As organizations become more digitally integrated, insider risk, whether malicious, compromised, or accidental, will be one of the hardest challenges to detect and manage. Resilience will increasingly depend on how well we detect subtle signals early, not just how well we defend the edge.”

Panagiotis Anastasiou, cyber security strategy leader with Bureau Veritas Marine & Offshore says: “Attacks are inevitable and, as an incidents analysis indicates, are becoming more sophisticated; the differentiator will be how quickly and safely a shipping company can detect, respond, and continue operations.”