In 2017, hackers managed to infiltrate a newly installed, high-tech fish tank in a casino. They stole 10 gigabytes of data – an amount equal to over 100 hours of internet browsing. Nearly 10 years later, AI tools are rapidly accelerating hackers’ ability to find their way into the kind of integrated technological systems found aboard superyachts.

Charles Bain, senior penetration tester, loves his job as a hacker – or rather, a pretend hacker.

Bain is part of the red team at CND Ltd, a cyber security firm, where he takes part in attempts to infiltrate the digital environments of buildings, companies, or even superyachts. The aim is to identify weaknesses based on the red team’s successes and then patch those vulnerabilities before a real hacker finds them. Blue teams are employed to provide cyber defences.

The rise in digital functionality aboard superyachts, much like the rise across many companies and industries, presents ever more targets for inventive hackers. The threat has been amplified further by AI tools that can write code and exploit systems to such an extent that even non-specialists could conceivably get involved.

Like the fish tank scenario in the casino, superyachts often incorporate new technological systems that connect to older infrastructure, creating potential weaknesses.

Bain points to modern dashboard technology that might be connected to legacy systems such as bilge pumps or engines. A successful attack could allow a hacker to control a vessel’s engines. “The more functionality you have, the more possibilities there are for an attack.”

The case of the fish tank and the casino is an example of what is referred to as “lateral movement”. The fish tank thermostat was connected to a wireless network, which provided a point of entry for hackers. From there, they were able to move laterally through other systems, all the while seeking access to increasingly sensitive data and controls.

Creating an entirely independent network for the fish tank would provide near-total cybersecurity. But connecting it to other systems enables features such as automated lighting and feeding. It is this connectivity that allows cyber attackers to move laterally and lies at the heart of cybersecurity concerns aboard modern superyachts.

According to Bain, creating the level of security required for sensitive networks is achievable, but it must be implemented at the beginning of a build or refit project. Bain says awareness is key. “This technology is fantastic, but if there’s no awareness of security at that (early) stage, then when someone does come in with security knowledge, it looks like a Christmas tree – there are loads of alarm bells going off.”

Although Bain has not yet “attacked” a superyacht as part of a red team exercise, the blueprint for doing so already exists, and the technologies involved have been targeted before. “We would look at previous attacks and then examine those threat actors, performing something called threat mapping. We take many of the tactics, techniques and procedures that are well documented for different cyber groups and assess which ones apply.”

The focus of such an attack might be on control systems and the use of lateral movement.

Even if you were to go to Claude and pay $20 a month, that’s going to give you some really substantial output to use in an attack

Charles Bain

Then there is the question of generative AI tools being used by cybercriminals. Bain refers to modern AI tools as “accelerants”. Just as researchers might use AI tools to increase their capacity, cybercriminals can use them to carry out more tasks more efficiently.

“Even if you were to go to Claude and pay $20 a month, that’s going to give you some really substantial output to use in an attack,” says Bain. “There are groups out there already using what we refer to as C2 frameworks, meaning command and control. When you are on the red team, if you want to see all the assets you’ve compromised and be able to access and manage them, we’ve got AIs to do that for us and to make those decisions. And yes, it’s getting quite scary.”

Concern about the impact of AI tools on cybersecurity has risen dramatically around the launch of Anthropic’s Mythos, said to enable cyber hacking at unprecedented scale. So far, wider worries about cyber threats emanating from common AI tools are less about what they can do now and the progress they’ve made. A report by the UK’s National Cyber Security Centre found that the latest AI models (as of March 2026) could not yet autonomously perform all the tasks required of a cyber hacker, but that best model in early 2026 completed six times more attack steps than the best model 18 months earlier and the costs of these operations are getting cheaper. 

The good news is that AI tools can also be put to work in cyber defence. Bain and CND are experimenting with the same tools that hackers might use, thus keeping their red team operations sharp.

Another angle of attack is less digital – what Bain calls “social engineering”. This involves learning the habits of individual crew members and finding ways to breach security. He cites a classic tactic as an example: a cyber attacker leaves a key ring with a USB stick on a bar table where crew members frequently gather. An unsuspecting crew member picks it up and inserts the USB stick into their laptop, thereby unwittingly granting access to protected networks.

Honestly, it’s ridiculous the number of things you can exploit or compromise due to a lack of updates

Charles Bain

The USB stick is an old trick, but it remains a clear example of what cybersecurity professionals refer to as social engineering. Today, similar tactics are often carried out through email phishing.

Downloading and installing security patches is also a strong line of defence, although the relative benefit of updates is decreasing. “Honestly, it’s ridiculous the number of things you can exploit or compromise due to a lack of updates,” says Bain. He also highlights basic “cyber hygiene”, such as using strong passwords and applying common-sense measures to avoid giving cybercriminals easy wins.

To date, no red team–blue team cybersecurity exercise has been conducted on a superyacht, and AI tools have not yet been tested in such an endeavour. However, that may change soon, given the stakes and the growing vulnerability.