For decades, the maritime industry treated cybersecurity as a secondary concern — a back-office IT problem peripheral to the physical business of moving cargo across oceans. That comfortable assumption was already under strain before 2025. It has since been demolished. Maritime cyber incidents more than doubled year-on-year between 2024 and 2025, according to South Korean cybersecurity firm CYTUR, and the driving force behind this acceleration is not merely the proliferation of digital systems aboard vessels and in ports — it is the arrival of artificial intelligence as an autonomous offensive weapon (Maritime Executive, 2026). The maritime sector is now, in the words of one industry analyst, navigating a “Third Era of Maritime Risk” defined not by accidental malware or opportunistic criminals, but by the weaponisation of adversarial AI and the systematic targeting of the digital supply chain (MarineLink, 2026). This essay examines the specific threat of AI-driven and autonomous cyberattacks against shipping, arguing that the speed, scale, and sophistication these capabilities enable has rendered the maritime industry’s existing defensive posture fundamentally inadequate and that the consequences of inaction are now measurable in physical casualties, not merely financial losses.
The most immediate operational consequence of AI’s integration into offensive cyber operations is the destruction of the time buffer that defenders once relied upon. In 2018, the average time from a software vulnerability being publicly disclosed to an actual attack exploiting it was 63 days — a window sufficient for security teams to assess, patch, and protect affected systems (Cydome, 2026). By 2024, that window had collapsed to five days. In 2025, AI-driven tools reduced it further still, with many systems targeted within 15 minutes of a flaw being detected and published (Cydome, 2026). The implications for an industry where the average time to patch critical vulnerabilities remains 15 to 30 days — and where vessels at sea may be entirely disconnected from update servers for extended periods — are severe. CYTUR documented that in 2025, 50 to 60 percent of newly disclosed software vulnerabilities were weaponised within 48 hours of their CVE publication (Shipping Telegraph, 2026). Nearly 50,000 new vulnerabilities were published across the year, including 52 classified as critical or high-severity every single day (Cydome, 2026).
The human element of the defence equation is being simultaneously degraded. Cydome’s 2026 Maritime Cyber Trends Report found that 83 percent of phishing emails already use AI to target multinational crews, and the industry has recorded a 195 percent increase in AI-driven identity fraud (Smart Maritime Network, 2026). In one documented incident reported in the Cydome analysis, a European energy major was defrauded of $200,000 in crew compensation payments diverted to a criminal account by an AI-based email interceptor (Smart Maritime Network, 2026). In another case, a maritime firm unknowingly hired an operative who used an AI-enhanced photograph and a stolen identity to pass four separate video interviews before attempting to infiltrate the company’s internal servers from a concealed location using a laptop farm (Smart Maritime Network, 2026). These are not outlier incidents — they are indicators of a systematic shift in the threat model: AI has democratised sophistication, enabling actors with limited technical capability to launch attacks that previously required nation-state resources.
The most alarming development in the current threat landscape is the emergence of genuinely autonomous attack operations — AI agents that can execute the majority of a cyberattack lifecycle without meaningful human direction. CYTUR forecast in its 2026 Maritime Cyber Threat White Paper that 2026 would mark the beginning of an era of “autonomous attacks” with largely or fully AI-directed hacking campaigns, lowering the barrier to entry and enabling low-skilled threat actors to execute nation-state-level operations at scale (Maritime Executive, 2026). This is not speculative: in January 2026, an AI model autonomously discovered 12 previously unknown zero-day vulnerabilities in OpenSSL — one of the most heavily scrutinised software libraries in existence — including one that had gone undetected for 15 years (Cydome, 2026; Industrial Cyber, 2026). Cydome separately reported that approximately 82 autonomous AI agents now operate on the internet for every one human identity, representing a structural inversion of the human-machine balance that underpins every traditional security model (Marine Log, 2026).
The China-linked advanced persistent threat group GTG-1002, documented by CYTUR, demonstrated that AI agents can now perform up to 90 percent of the attack lifecycle — from initial vulnerability analysis through network penetration, lateral movement, data exfiltration, and cover-track deletion — without requiring a human operator at each stage (Shipping Telegraph, 2026). This capability does not merely accelerate attacks; it enables continuous, persistent operations against maritime targets at a tempo that human defenders cannot match through manual response. As Katerina Raptaki, IT Manager at Greek shipping company Navios, warned in Cydome’s industry report: “Shipping companies are deploying AI faster than they are defining cyber accountability. In 2026, the question after an incident won’t be ‘was the AI wrong?’ but ‘why was it trusted?'” (Marine Log, 2026, para. 4).
The proliferation of AI-enabled offensive capabilities is not confined to criminal groups. State actors have been integrating AI into maritime cyber operations as part of broader hybrid warfare strategies, using maritime infrastructure as a target domain precisely because its international character, multiple flag state jurisdictions, and inconsistent regulatory oversight create persistent enforcement gaps. The U.S. Department of Defence and NSA issued a joint Cybersecurity Advisory in May 2025 specifically warning of Russian GRU targeting of logistics infrastructure — including maritime supply chain nodes — using increasingly automated tooling (NATO Cooperative Cyber Defence Centre of Excellence [CCDCOE], 2025). Chinese state actors have compromised classification societies that certify the world’s commercial fleets, gaining intelligence on vessel systems and vulnerabilities that could be exploited at fleet scale (Cyble, 2025). CYTUR’s threat intelligence documented that in March 2025, in direct coordination with U.S. military strikes on Houthi rebels in Yemen, the anti-Iranian hacktivist group Lab Dookhtegan launched an AI-orchestrated attack that disabled satellite communications (VSAT) on 116 Iranian-linked tankers simultaneously — demonstrating that maritime cyber weapons can now be deployed in real-time coordination with kinetic military operations (Maritime Executive, 2026).
The CYTUR White Paper characterised this as a transition from cyber incidents as economic disruption to “cyber-physical attacks” in which digital breaches produce direct physical consequences — destroyed equipment, manipulated navigation systems, remote control of safety-critical ballast valves (Shipping Telegraph, 2026). One documented worst-case incident in the CYTUR report involved attackers who gained remote access to ballast control systems and ECDIS chart systems — the digital navigation infrastructure that determines a vessel’s course — after penetrating shoreside supply chain management software (Maritime Executive, 2026). The physical convergence point between digital vulnerability and maritime catastrophe is no longer theoretical.
The regulatory framework has begun to catch up, but faces the fundamental challenge that the threat is accelerating faster than compliance timelines allow. The U.S. Coast Guard’s final cybersecurity rule for the Marine Transportation System, published in January 2025 and effective July 16, 2025, for the first time mandates mandatory incident reporting, cybersecurity officer designation, cybersecurity plans, and annual training requirements for U.S.-flagged vessels and port facilities (Federal Register, 2025). The International Association of Classification Societies (IACS) Unified Requirements E26 and E27, mandatory for vessels contracted for construction from July 1, 2024, require cyber resilience to be designed into vessels from the initial shipyard phase rather than retrofitted as an afterthought — a structural shift that MarineLink characterised as moving the industry from “voluntary guidelines to a mandatory baseline of digital resilience” (MarineLink, 2026, para. 8; Speedcast, 2025). CYTUR has characterised 2026 as the “first year of practical verification” — the year when newbuilds contracted under these IACS requirements begin to be delivered and actually tested against their cyber resilience certifications (SMI Digital, 2026).
Yet the IACS framework applies only to vessels contracted after July 2024, leaving the vast majority of the existing global fleet — tens of thousands of ships operating on legacy systems with no equivalent mandated standard — entirely outside its scope. The U.S. Coast Guard rule’s deadline for cybersecurity plan submission extends to July 2027, and even security professionals directly involved in implementation have expressed concern that many operators will treat the training mandate as a checkbox exercise rather than a genuine capability investment (Maritime Executive, 2025). Dryad Global’s 2025 analysis noted that compliance remains “inconsistent” across the industry, with smaller operators in particular “struggling to meet new standards, leaving gaps that sophisticated attackers can exploit” (Digital Ship, 2025).
AI has transformed the maritime cybersecurity threat from a manageable operational risk into a structural challenge that touches every vessel, port, and digital supply chain node in the global shipping system. The collapse of the exploitation window to minutes, the emergence of autonomous attack agents capable of executing operations without human direction, and the integration of AI-enabled cyber capabilities into state-sponsored hybrid warfare strategies have collectively overwhelmed the reactive, compliance-driven security posture that the maritime industry has relied upon for years. The regulatory frameworks now in force — IACS E26/E27, the USCG final rule, and the IMO’s cyber risk management requirements — represent necessary progress, but they are designed for the threat environment of 2022, not the autonomous attack landscape of 2026. Closing that gap requires not merely compliance but a wholesale cultural shift toward cyber resilience as an operational imperative — beginning, as CYTUR’s CEO Cho Yong Hyun has stated, with the recognition that maritime cybersecurity “is no longer an option but a matter directly linked to a vessel’s right to operate” (Maritime Executive, 2026, para. 2).
Cydome. (2026). Maritime cyber trends report 2026: What shipping executives need to know. https://www.marinelog.com/news/cydome-growing-ai-use-by-maritime-sharply-increases-the-risk-of-a-cyber-attack/
Cyble. (2025, July 29). Cyber threats surge against maritime industry in 2025. https://cyble.com/blog/cyberattacks-targets-maritime-industry/
Digital Ship. (2025). Maritime faces rising cyber threats in 2025. https://thedigitalship.com/news/maritime-satellite-communications/maritime-faces-rising-cyber-threats-in-2025/
Federal Register. (2025, January 17). Cybersecurity in the marine transportation system. https://www.federalregister.gov/documents/2025/01/17/2025-00708/cybersecurity-in-the-marine-transportation-system
Industrial Cyber. (2026, March). Cydome report finds 150% surge in maritime OT cyberattacks as ransomware tightens grip in 2025. https://industrialcyber.co/transport/cydome-report-finds-150-surge-in-maritime-ot-cyberattacks-as-ransomware-tightens-grip-in-2025/
Marine Log. (2026, March 2). Cydome: Growing AI use by maritime sharply increases the risk of a cyber attack. https://www.marinelog.com/news/cydome-growing-ai-use-by-maritime-sharply-increases-the-risk-of-a-cyber-attack/
MarineLink. (2026, March). Navigating the “Third Era” of maritime cyber risk. https://www.marinelink.com/news/navigating-third-era-maritime-cyber-risk-536724
Maritime Executive. (2025, November 15). Cyber proofing. https://maritime-executive.com/magazine/cyber-proofing
Maritime Executive. (2026, February 24). Report: Maritime cyberattacks doubled in 2025. https://maritime-executive.com/article/report-maritime-cyberattacks-doubled-in-2025
NATO Cooperative Cyber Defence Centre of Excellence. (2025). Addressing state-linked cyber threats to critical maritime infrastructure. https://ccdcoe.org/uploads/2025/07/CCDCOE_Policy_Brief.pdf
Shipping Telegraph. (2026, February). ‘The era of disconnected seas is over’: Maritime cyber incidents in 2025 surged by 103%. https://shippingtelegraph.com/shipping-reports/the-era-of-disconnected-seas-is-over-maritime-cyber-incidents-in-2025-surged-by-103/
Smart Maritime Network. (2026, March 2). AI is placing maritime industry at greater risk of cyber-attack — report. https://smartmaritimenetwork.com/2026/03/02/ai-is-placing-maritime-industry-at-greater-risk-of-cyber-attack-report/
SMI Digital. (2026). CYTUR warns of escalating cybersecurity attacks in its ‘2026 Maritime Cyber Threat White Paper.’ https://www.shipmanagementinternational.com/news/gf6rm38bhmjbw3y-2e6d9-57adc-n7ald-9kfp9-cnw38-93sws-7aypc-r5ab7-2bk79-fg9gz-4g6gb-pzpr4-l7w6x-t9zlk
Speedcast. (2025). Cybersecurity IACS E26 and E27. https://www.speedcast.com/blog-hub/2025/iacs-e26-e27-standards/
