Industry Insights4 min read
Cruise AI Fails on Data, Not Models
Seatrade says cruise AI fails because the data layer is broken. They are right. But fixing it means fixing where the data lives, not just how it connects.
Marcus Hale·May 22, 2026
Author
Marcus Hale
Head of Security & Compliance, ShipboardAI
Marcus Hale has spent the last three decades in the trenches of cybersecurity, from hands-on incident response to expert witness testimony to helping organizations navigate CMMC, SOC2, and HIPAA. He has advised thousands of businesses on securing their data and maintains a zero-breach record among clients who actually follow his guidance.
At ShipboardAI, Marcus owns the security and compliance posture of every deployment. On-vessel AI introduces a threat model most maritime operators have never had to think about: hardened compute stacks in physically insecure environments, sensitive guest data processed entirely on a moving platform, and no IT department down the hall when something goes sideways at 3am off the coast of Corsica.
Marcus writes about the problems that make general counsels nervous. Data privacy for luxury charter operators. Ransomware response when your only connectivity is a degraded VSAT link. Supply chain risk in marine IT procurement. The unglamorous security work that separates a real deployment from a demo.
Credentials
- CMMC Registered Practitioner
- Licensed Digital Forensics Examiner
- Cybersecurity Expert Witness
- MIT AI Certified
- CompTIA Security+
Recent posts by Marcus
Edge AI5 min read
MSC's AI Concierge: One Missing Answer
MSC's AI concierge processed a million guest messages at 93% satisfaction. Nobody asked where those conversations live or what happens offline.
Marcus Hale·May 18, 2026
Security & Compliance4 min read
When Cyber Risk Meets Voyage Planning
ABB and Cydome are merging cyber risk and voyage optimization into one platform. The real question is where that platform runs.
Marcus Hale·May 15, 2026
Security & Compliance5 min read
AI Found the OT Gateway First
Dragos found attackers using Claude to identify OT targets inside a water utility. Vessel operators should assume the same capability applies at sea.
Marcus Hale·May 11, 2026
Security & Compliance11 min read
Zero-Trust Networks for Private Vessels
Most vessel networks were designed for convenience, not security. A practical zero-trust architecture for superyacht IT and OT segmentation.
Marcus Hale·May 10, 2026
Security & Compliance5 min read
AI Gateways Are a Single Point of Failure
A critical LiteLLM SQL injection hands attackers every API key the proxy stores. Vessel operators relying on cloud AI gateways take note.
Marcus Hale·April 29, 2026
Security & Compliance5 min read
APT28 Targets Maritime Supply Chains
Russia's APT28 is deploying PRISMEX malware against NATO maritime logistics. Here is what vessel operators need to know about this active campaign.
Marcus Hale·April 27, 2026
Security & Compliance5 min read
Three CVEs in Your Vessel Data Gateway
Cydome found authentication and path-traversal flaws in the NAVTOR NavBox. The fix matters less than what the bugs reveal about maritime OT security.
Marcus Hale·April 24, 2026
Security & Compliance13 min read
CMMC Compliance for Superyachts
Most superyachts are not DoD contractors, but CMMC and NIST 800-171 still matter. The compliance map: what applies and what to build.
Marcus Hale·April 12, 2026
Security & Compliance6 min read
Mythos Zero-Days and Fleet Security
Anthropic's Mythos found thousands of zero-days in partner infrastructure. Here is what that means for vessel fleet cybersecurity.
Marcus Hale·April 10, 2026