The maritime sector is facing a new wave of cyber threats, with artificial intelligence (AI) enabling attacks that unfold at unprecedented speed and sophistication. According to new research from maritime cybersecurity firm Cydome, 83% of phishing emails targeting multinational crews are now , written in native languages, and tailored to cultural nuances. This represents a dramatic shift in the nature of cyber threats, which are now evolving faster than the industry can respond.

Accelerated Exploitation of Vulnerabilities

Data from Cydome highlights a stark acceleration in the exploitation of software vulnerabilities. In 2018, attackers typically took 63 days to exploit a newly published flaw. By 2024, that window had collapsed to five days. Today, AI-powered hacking tools have reduced the timeframe to less than 48 hours, with some systems being targeted within 15 minutes of a vulnerability being detected.

Cydome’s report warns that 87% of organizations now view AI-related vulnerabilities as their fastest-growing threat. This signals a collapse of the traditional security response cycle, where defenses are struggling to keep pace with the speed of attacks.

Tetsuji Madarame, a maritime and logistics expert and former Head of Digital Transformation and Innovation at NYK Line, emphasized that as AI moves rapidly from a generative to an agentic and physical model, expanding into autonomous navigation and optimal fleet operations, “protecting AI-related assets must be a top priority.”

AI-Driven Social Engineering Attacks

The report highlights how AI is transforming the sophistication and speed of social-engineering attacks. One high-profile case involved a European energy major that lost $25 million after attackers used a deepfake audio clone of the company’s CFO to authorize an urgent wire transfer. The voice matched the executive’s tone, dialect, and cadence so precisely that staff complied without hesitation.

In another incident, a $200,000 compensation payment intended for the family of a deceased seafarer was diverted. Criminals used an AI-powered email interceptor to alter account details. Cydome also documents a case in which a company unknowingly hired an infiltrator. The infiltrator used an AI-manipulated photograph and a stolen identity to pass four separate video interviews. Furthermore, the operative used a “laptop farm” to bypass location checks and attempted to access internal servers.

The report warns that the broader digital ecosystem is now saturated with autonomous agents. In fact, 82 AI identities operate online for every one human identity. As a result, this complicates authentication and trust.

Expanding Attack Surface and Insider Threats

The proliferation of edge-network devices—routers, firewalls, VPNs, and satellite terminals—is creating new vulnerabilities across maritime operations. Additionally, Cydome reports an 800% increase in attacks on edge infrastructure in 2025. Notably, 20% of these attacks directly target firewalls and VPNs.

One of the most striking examples involved the Lab Dookhtegan hacktivist group, which managed to disconnect 116 tankers from the internet by wiping the “network edge” of their satellite connectivity provider. Attackers erased VSAT partitions on ship hard drives, cutting off all communications, including ship-to-shore VOIP services. The incident created severe operational, safety, and compliance risks.

Katerina Raptaki, IT Manager at Greek shipping company Navios, said that shipping companies are deploying AI faster than they are defining cyber accountability. “In 2026, the question after an incident won’t be ‘was the AI wrong?’ but ‘why was it trusted?’”

The Cydome Maritime Cyber Trends Report 2026: What Shipping Executives Need to Know draws on operational data and incident logs. It also pulls insights from 13 industry leaders, including shipowners and classification societies. Its findings paint a picture of an industry modernizing faster than it can secure itself.

AI is delivering major operational efficiencies. However, it is also enabling attackers to deploy autonomous, adaptive, and nearly undetectable cyberattacks. As the maritime sector becomes more connected, the report warns that the next major cyber incident may unfold too quickly for human intervention.

Øystein Brekke-Sanderud, Head of Maritime OT/ICS Security at NORMA Cyber, said: “In 2026, the most significant cybersecurity risk will come from inside the perimeter. As organizations become more digitally integrated, insider risk, whether malicious, compromised, or accidental, will be one of the hardest challenges to detect and manage. Resilience will increasingly depend on how well we detect subtle signals early, not just how well we defend the edge.”

Panagiotis Anastasiou, Cyber Security Strategy Leader with Bureau Veritas Marine & Offshore added: “Attacks are inevitable and, as an incidents analysis indicates, are becoming more sophisticated; the differentiator will be how quickly and safely a shipping company can detect, respond, and continue operations.”