Security & Compliance

Privacy, data sovereignty, breach response, CMMC/SOC2/HIPAA, and the legal shape of AI at sea.

USCG Cyber Rule Meets Vessel AI

The USCG cybersecurity rule hits its July milestone in six weeks. The IT/OT segmentation mandate validates sovereign vessel AI architecture.

Ethan Marsh·May 25, 2026

A worm compromised 633 npm packages in an hour. On-vessel software needs air-gapped dependency pipelines, not live registry pulls.

Ethan Marsh·May 20, 2026

ABB and Cydome are merging cyber risk and voyage optimization into one platform. The real question is where that platform runs.

Marcus Hale·May 15, 2026

Dragos found attackers using Claude to identify OT targets inside a water utility. Vessel operators should assume the same capability applies at sea.

Marcus Hale·May 11, 2026

Most vessel networks were designed for convenience, not security. A practical zero-trust architecture for superyacht IT and OT segmentation.

Marcus Hale·May 10, 2026

A critical LiteLLM SQL injection hands attackers every API key the proxy stores. Vessel operators relying on cloud AI gateways take note.

Marcus Hale·April 29, 2026

Russia's APT28 is deploying PRISMEX malware against NATO maritime logistics. Here is what vessel operators need to know about this active campaign.

Marcus Hale·April 27, 2026

Cydome found authentication and path-traversal flaws in the NAVTOR NavBox. The fix matters less than what the bugs reveal about maritime OT security.

Marcus Hale·April 24, 2026

Maritime cyber incidents doubled in 2025, with ransomware now targeting engine and ballast systems. Local-first AI reduces the blast radius.

Ethan Marsh·April 20, 2026

Most superyachts are not DoD contractors, but CMMC and NIST 800-171 still matter. The compliance map: what applies and what to build.

Marcus Hale·April 12, 2026

Anthropic's Mythos found thousands of zero-days in partner infrastructure. Here is what that means for vessel fleet cybersecurity.

Marcus Hale·April 10, 2026