The Maritime Market Is No Exception to AI Hacking (2/3) : Is Your Ship Safe in the Age of AI Hacking?
Part 1 covered what Claude Mythos is and how it works. This Part 2 examines how that threat connects specifically to vessels and the shipping industry — dissecting the IT/OT divide, ship-specific structural vulnerabilities, and why AI-powered attacks have already materialized in the real world. Key terms are explained in context; no security background required.
Prologue
November 2025. Approximately 30 organizations were compromised in near-simultaneous attacks.
Technology companies, financial institutions, chemical manufacturers, and government agencies. The attackers were few in number — yet 80–90% of the attack activity was not conducted by humans.
In an incident disclosed by Anthropic, suspected Chinese state-sponsored actors jailbroke Claude Code and ran an autonomous cyber espionage campaign. Reconnaissance, privilege escalation, lateral movement, credential theft, and data exfiltration — all executed with minimal human oversight, at a request rate no human operator could sustain. Four organizations were successfully compromised. (CSA Lab Space)
This was accomplished with a model from before Mythos.
And who can say with certainty that shipping companies, shipyards, and maritime groups are not on that target list?
1. IT and OT — Two Worlds Inside One Hull
To understand vessel cybersecurity, we need to know the difference between two distinct network environments.
IT (Information Technology) is the computing environment we use every day: email, documents, the internet, business management systems. Its purpose is to process and transmit data. When something breaks, you restart it or apply a patch.
OT (Operational Technology) directly controls physical equipment and processes. On a vessel, this includes propulsion engine control, generator management, ballast pumps, and cargo handling equipment. When an OT system fails, a restart is not the end of it — the ship can deviate from course, the engine can stop, or fire can break out.
Many OT systems across energy, utilities, manufacturing, and transportation are decades old — warranties expired, security patches impossible to apply. These environments were designed for reliability, not security. (Bain & Company)
Vessels are where these two worlds coexist inside a single hull — with a boundary far thinner than most assume.
2. The Structural Vulnerability of Ship OT Environments
A vessel’s network, simplified, looks like this:
On many vessels in service, the E26 segmentation boundary is less robust than design drawings suggest.
The attacker’s typical entry path begins in the IT network. A satellite communications gateway, an ECDIS update port, or the moment a crew member connects a personal device via USB — each can serve as an entry point.
IACS UR E26 requires differentiated security zones and appropriate isolation. But compliance verification concentrates at the shipyard delivery point and during periodic class survey intervals. Who is watching the actual operational state of the vessel in between?
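One way to watch that boundary between surveys, as an added example that is not from the post or from any vessel product: a small Python check that maps firewall flow-log lines to IT and OT zones and reports every crossing the zone design does not permit, distinguishing flows the firewall let through (the boundary is weaker than the drawings say) from attempts it blocked. The zone ranges, log format, allowed conduit and sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumed zone layout for one vessel (constructed; not taken from any real ship or from E26).
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),  # business LAN, crew Wi-Fi, VSAT gateway side
    "OT": ipaddress.ip_network("10.20.0.0/16"),  # propulsion, ballast and cargo controllers
}
# Conduits the zone design permits as (source zone, destination zone, destination port).
ALLOWED_CONDUITS = {("OT", "IT", 514)}  # one-way syslog from OT to an IT-side collector (assumed)
# Constructed firewall log format: "<timestamp> action=<allow|deny> src=<ip> dst=<ip> dport=<port>"
LOG_RE = re.compile(
    r"(?P<ts>\S+) action=(?P<action>allow|deny) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

def zone_of(ip: str) -> str:
    """Map an address to its design zone; addresses outside both zones are UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "UNKNOWN")

def find_boundary_violations(lines):
    """Cross-zone flows not covered by an allowed conduit: "bypass" = the firewall allowed a
    flow the design forbids (the boundary is weaker than the drawings say); "attempt" = blocked."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a production tool would count and report these
        src_zone, dst_zone = zone_of(m["src"]), zone_of(m["dst"])
        if src_zone == dst_zone:
            continue  # intra-zone traffic is out of scope for a boundary check
        dport = int(m["dport"])
        if (src_zone, dst_zone, dport) in ALLOWED_CONDUITS:
            continue
        findings.append({
            "ts": m["ts"], "src": m["src"], "dst": m["dst"], "dport": dport,
            "path": f"{src_zone}->{dst_zone}",
            "severity": "bypass" if m["action"] == "allow" else "attempt",
        })
    return findings

# Constructed sample: a permitted syslog flow, a blocked and an allowed IT->OT flow, an intra-OT flow.
SAMPLE_LOG = """\
2025-11-03T02:14:07Z action=allow src=10.20.3.3 dst=10.10.9.9 dport=514
2025-11-03T02:14:09Z action=deny src=10.10.4.21 dst=10.20.7.10 dport=502
2025-11-03T02:14:10Z action=allow src=10.10.4.21 dst=10.20.7.11 dport=502
2025-11-03T02:15:01Z action=allow src=10.20.3.3 dst=10.20.3.4 dport=502
""".splitlines()
```

Run against the sample, the check reports two IT->OT findings: one attempt the firewall blocked and one bypass it allowed, which is the kind of evidence a class survey at delivery never sees.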
3. Three Reasons Ships Are Especially Exposed
Vessels carry structural conditions that make them more exposed than typical enterprise IT environments.
A typical enterprise can apply a security patch within days or weeks. Core OT systems on vessels are different — when a patch cannot be applied without interrupting operations, the ship waits for its next drydock schedule. That gap is one to five years.
In an environment where AI compresses the time from vulnerability discovery to working exploit to near zero, a 1–5 year patch gap is an open window for attackers. (CSA Lab Space)
The proliferation of smart ship technology and remote monitoring is widening the data connection between vessels and shore. This is the right direction for operational efficiency — but it proportionally enlarges the attack surface accessible from outside.
A large shipping company’s cybersecurity team is at headquarters — not on the vessel. When an attack is underway, is there anyone aboard who can respond immediately? On most ships, the answer is no.
4. Why CVE Databases Are No Longer Enough
One of the first things security practitioners check is the CVE (Common Vulnerabilities and Exposures) list — confirming whether known vulnerabilities exist in their systems, then applying patches. This has been the standard for years.
Mythos shattered that premise.
More than 99% of vulnerabilities Mythos discovered were not yet patched, most had never been publicly disclosed, and none were listed in any CVE database. A vulnerability management program that uses CVE feeds as its primary input is, by definition, blind to the entire class of threat that Mythos represents. (ArmorCode)
"Our systems have no known vulnerabilities" is no longer synonymous with "We are safe." Mythos finds vulnerabilities no one knew existed — not in CVE, with no available patch, yet fully functional as working exploits. Flaws hidden for 17 or 27 years have been discovered this way.
CVE (Common Vulnerabilities and Exposures): a publicly maintained catalogue of disclosed security vulnerabilities, used as the standard reference for patch management and vulnerability scanning.
5. Ship Attack Surface Map — System-by-System Threat Scenarios
These threats do not exist in isolation. The typical chain in an autonomous attack of the kind Mythos executes is: breach via a low-security system (CCTV or IoT sensors) → internal reconnaissance → lateral movement to propulsion control or ECDIS.
| System | Attack Vector | Potential Impact | Risk |
|---|---|---|---|
| VSAT / Sat Gateway | Internet-facing interface | Primary IT network entry | HIGH |
| ECDIS Navigation | Update port / IT pivot | Course deviation, grounding | HIGH |
| Propulsion Control | IT–OT lateral movement | Engine shutdown, loss of control | CRITICAL |
| Ballast Systems | IT–OT lateral movement | Stability compromise | HIGH |
| CCTV / IoT Sensors | Low-security entry point | Network pivot, reconnaissance | MEDIUM |
| Cargo Mgmt System | IT network / satellite | Commercial data theft, ransom | MEDIUM |
6. Even Without Direct OT Access, Mythos Is a Threat
AISI’s evaluation produced one notable result.
Mythos did not complete the OT-focused cyber range ‘Cooling Tower’ — it was blocked at the IT section. This does not mean Mythos is weak against OT environments. (UK AISI)
The bottleneck to compromising OT is IT access. And at IT penetration, Mythos is already more than capable. Once a foothold is established in the IT network, the distance to OT systems on a vessel is shorter than most expect — particularly on ships where IACS E26’s required network segmentation has not been fully implemented.
7. What the IACS Framework Misses
IACS UR E26 and E27 are the most sophisticated vessel cybersecurity regulations produced to date — CBS security capability requirements, software maintenance, network segmentation, security management systems. All point in the right direction. Major shipyards including HHI, Samsung Heavy Industries, and HD Hyundai are pursuing Type Approval under these regulations.
But the threat model these regulations were designed against belongs to the world before Mythos.
E26’s requirement to “patch known vulnerabilities” is a necessary condition, not a sufficient one, in an environment where AI generates zero-days not listed in any CVE database in real time. The era when legacy system complexity served as an obstacle to attackers is over. AI navigates that complexity at machine speed. (Bain & Company)
| E26/E27 Requirement | Mythos-Era Limitation | Implication |
|---|---|---|
| Known vulnerability patching | No response to CVE-unregistered threats | 99%+ of threats below radar |
| Network segmentation | OT reachable after IT-side entry | Boundary alone may be insufficient |
| Software inventory (SBOM) | Runtime vulnerabilities not included | SBOM alone is insufficient |
| Type Approval inspection | Static evaluation at delivery | Operational state not captured |
8. What Actually Happened — The 2025 AI Espionage Campaign
If this sounds like an abstract threat scenario, it is worth revisiting what has already occurred.
In November 2025, suspected Chinese state-sponsored actors jailbroke Claude Code and ran an autonomous cyber espionage campaign against approximately 30 global organizations. AI agents autonomously performed 80–90% of all operations — reconnaissance, privilege escalation, lateral movement, credential theft, and data exfiltration — at a request rate impossible for human operators to sustain. Four organizations were successfully compromised. Anthropic detected the activity in September, investigated for approximately 10 days, then blocked the relevant accounts and notified affected organizations. (CSA Lab Space)
This campaign was executed with a pre-Mythos model. And the shipping and shipbuilding industry is traditionally one of the primary targets of state-sponsored cyberattacks, alongside technology companies, financial institutions, and government agencies.
87% of global organizations report having experienced AI-powered cyberattacks in the past year. This is not a future threat. It is happening now. (Bain & Company)
9. “We’re a Small Shipping Company — We’re Not a Target”
Some readers may think this way. They are wrong, for two reasons.
First, the cost structure of AI-based attacks has changed. Scanning an entire codebase costs under $50. Attackers do not need to select specific targets — they scan every exposed system simultaneously. Being small does not mean being safe. It means being more likely to have weaker defenses. (CSA Lab Space)
Second, the shipping industry becomes a vector for supply chain attacks. AI-based attacks increasingly exploit vendors, partners, and third-party software as entry paths into larger organizations. Even well-defended major shipping companies can be compromised through partners with weaker defenses. (Bain & Company)
Small shipping companies, vessel management firms, and equipment suppliers — all are part of the supply chain.
10. So What Do We Do?
The specific answer is Part 3’s subject. But the direction is already visible.
AISI confirmed that Mythos can autonomously attack weakly defended small networks. It could not make the same determination for well-defended environments with active defenders, defense tools, and penalties for triggering security alerts. (UK AISI)
Strong cybersecurity fundamentals provide meaningful protection even against AI-based attackers. Zero trust architecture, automated patching, strong access controls, anomaly detection — these offer significant protection. (Bain & Company)
The core insight: Mythos does not create new vulnerabilities. It finds what already exists. Therefore, the first principle of defense is ensuring those vulnerabilities do not exist — or making them difficult to reach even if they do. How to implement this in the maritime environment — SFI code-based asset classification, a Mythos-era reinterpretation of IACS E26/E27 compliance strategy, and integrated AI-assisted penetration testing methodology — is the subject of Part 3.
“What this threat landscape reveals is not merely a cybersecurity challenge — it is an operational risk challenge. For the maritime sector, the attack surface is not a server room in an office building. It is a vessel underway in the middle of the ocean, where OT failure is not a business disruption but a safety emergency. The question is not whether our ships will be targeted. The question is whether we have closed the gap between our compliance posture and our actual resilience.”
The IACS framework is a necessary foundation. But compliance is not the same as security. In the Mythos era, the gap between the two has never been wider — or more consequential.
Threat diagnosed. Attack surface mapped. Now the practical question: what do we actually do? SFI-based CBS asset classification, a Mythos-era reinterpretation of IACS E26/E27 compliance strategy, and integrated AI-assisted penetration testing — concrete methodology for maritime cybersecurity practitioners.
Read Part 3 →
Captain Paul
Writing on the intersection of maritime operations and emerging cyber threats, with a focus on helping the shipping industry understand and respond to the AI security landscape.