Setting the Scene
The Dark Fleet: Finding What Doesn't Want to Be Found
In 2022, roughly 97 vessels worldwide operated as a "dark fleet": ships that disable their AIS (Automatic Identification System) transponders to evade sanctions and smuggle oil outside the view of authorities. AIS is a radio system that every large vessel is legally required to carry: it broadcasts the ship's identity, position, speed, and destination so that other ships and shore stations can see it. By late 2024, the dark fleet had grown to over 3,000 vessels, a 2,800% increase in two years. These vessels transport 4.1 million barrels of sanctioned oil per day, and more than 72% are older than 15 years, with no legitimate insurance or classification, making them high-risk for collisions and structural failure.
The consequences are real. On July 19, 2024, the very large crude carrier Ceres I was anchored in the South China Sea, carrying sanctioned Iranian oil. Its AIS showed "at anchor" while it was actually moving. Then it went completely dark. Hours later, the Singapore-flagged tanker Hafnia Nile collided with it, starting fires on both vessels. One crew member died. Two were injured. After the collision, the Ceres I turned off its AIS and fled the scene. The Malaysian coast guard intercepted it two days later as it was being towed deeper into the South China Sea. The Ceres I was on the OFAC (Office of Foreign Assets Control) sanctions list, the US Treasury's register of vessels, companies, and individuals that American entities are prohibited from doing business with. Its AIS had been broadcasting false position data. Satellite imagery could have detected it at anchor even when its transponder went silent.
The tragic part: the information to find these vessels already exists. AIS transponder data shows vessel positions, but only when the transponder is on. OFAC sanctions lists identify known bad actors by MMSI (Maritime Mobile Service Identity) number, a unique 9-digit identifier assigned to every vessel's transponder, but only if someone cross-references every vessel. Nonprofit organizations like Global Fishing Watch, whose mission is to advance ocean governance through transparency, track where and when vessels have historically gone dark. VIIRS (Visible Infrared Imaging Radiometer Suite) satellite imagery detects lights at sea at night, catching vessels whose transponders are off. Piracy incident records from NGA (National Geospatial-Intelligence Agency) provide threat context for high-risk areas. The data is there, but it sits in different systems with different formats, and no single tool brings it all together.
Today, you start building that tool. Your team is building a Dark Vessel Risk Assessment Tool: a system that cross-references vessel identity, behavior history, sanctions status, and satellite imagery to flag the vessels that warrant investigation. You have six data sources covering 200+ vessels across four maritime regions over a five-day window. Ten of those vessels are OFAC-sanctioned. Five will go dark during that window. Your job is to find them.
The dark fleet moves over $52 billion in sanctioned oil annually. When enforcement agencies can identify and track these vessels, sanctions become enforceable. In the first seven months of 2025, targeted enforcement against 180+ shadow tankers contributed to a 19% year-on-year drop in Russia's oil and gas revenues. The analytical tradecraft is the same across every organization doing this work: ingest, cross-reference, correlate, prioritize, report. That is what you are building.
The Scale of the Problem
At any given moment, more than 127,000 vessels are broadcasting AIS positions worldwide. Of those, an estimated 1,300 or more are shadow fleet vessels transporting sanctioned oil, up from roughly 97 in 2022, an order-of-magnitude expansion in three years. In the four regions covered by your data (Arabian Sea, Gulf of Guinea, Southeast Asia, Mediterranean), an estimated 15,000 to 20,000 vessels are operating at any given time, and shadow fleet vessels routinely transit these waters to reach transfer zones and sanctioned ports.
The analyst's challenge is signal-to-noise. Most vessels are doing exactly what their AIS says: transiting shipping lanes, loading cargo, anchoring in port. The analyst needs to find the handful operating deceptively: disabling transponders, spoofing positions, cycling through names and flags, or transferring cargo at sea with their lights off. Time pressure is real. A tanker that went dark 12 hours ago may have already transferred its cargo and reappeared under a different name. Every hour of delay is an hour the vessel can change identity, transfer cargo, or cross into a jurisdiction where enforcement is weaker.
Tools Exist, But the Gap Is Real
Maritime intelligence is not starting from scratch. The government operates platforms like SeaVision (a web-based AIS visualization tool used by 80+ partner nations) and MSSIS (an unclassified global AIS-sharing network tracking 70,000+ vessels). Commercial platforms like Windward, Pole Star, and Cognyte offer AI-driven analytics, sanctions screening, and behavioral pattern detection. ONI itself operates cloud-based analytical tools on classified networks.
The gap is in multi-source fusion at speed. ONI's own research solicitations explicitly seek automated cross-sensor correlation, AI-driven behavioral analysis, and human-machine teaming for maritime domain awareness. Correlating AIS anomalies with satellite imagery, ownership databases, sanctions lists, and behavioral history in near-real-time, with confidence scoring, is what no single platform fully delivers yet. Each new data source adds signal, but also adds complexity. The challenge is building tools that make the analyst faster, not just more informed.
Your Challenge: Unclassified, Smaller Scale, Same Patterns
The real version of this work happens on classified networks with access to signals intelligence, classified satellite imagery, and sources that cannot be discussed here. Your development environment has been pre-seeded with data at a more manageable scale, using publicly available data formats (AIS, VIIRS satellite detections, OFAC sanctions lists, piracy incident records) with embedded scenarios that mirror real-world patterns worth investigating.
The analytical patterns are the same. Cross-reference vessel identities against sanctions lists. Correlate transponder data against satellite detections. Check behavioral history for patterns of deception. Score and prioritize by risk. The data is smaller and unclassified, but the fusion logic you build would work against real data sources at full scale. You are prototyping the analytical workflow, not building the production system.
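The fusion steps listed above, as an added example that is not part of the course repository: it joins AIS pings to a sanctions set by MMSI, finds transponder silences, checks each silence against night-light detections, and scores the result. The tuple layouts, thresholds, score weights, and all sample values are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample data; field layout and all values are assumptions.
SANCTIONED = {"422000001"}                        # MMSIs on a sanctions list
AIS = [  # (mmsi, hours since window start, lat, lon)
    ("422000001", 0, 25.00, 57.00), ("422000001", 2, 25.05, 57.10),
    ("422000001", 20, 25.60, 58.20),              # 18 h of silence before this ping
    ("538000002", 0, 4.00, 3.00), ("538000002", 3, 4.10, 3.20), ("538000002", 6, 4.20, 3.40),
    ("636000003", 1, 35.00, 18.00), ("636000003", 15, 35.40, 18.90),
]
VIIRS = [(10, 25.30, 57.60), (9, 10.00, 100.00)]  # (hours, lat, lon) night-light hits

def haversine_km(lat1, lon1, lat2, lon2):
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def find_gaps(pings, min_gap_h=6):
    """Return {mmsi: [(last_ping, next_ping), ...]} for silences >= min_gap_h."""
    tracks = defaultdict(list)
    for mmsi, t, lat, lon in pings:
        tracks[mmsi].append((t, lat, lon))
    gaps = defaultdict(list)
    for mmsi, track in tracks.items():
        track.sort()                              # order each track by time
        for prev, nxt in zip(track, track[1:]):
            if nxt[0] - prev[0] >= min_gap_h:
                gaps[mmsi].append((prev, nxt))
    return gaps

def corroborated(gap, detections, radius_km=100):
    """True if a light detection falls inside the gap, near either end of it."""
    (t0, la0, lo0), (t1, la1, lo1) = gap
    return any(t0 < t < t1 and min(haversine_km(la, lo, la0, lo0),
                                   haversine_km(la, lo, la1, lo1)) <= radius_km
               for t, la, lo in detections)

def rank(pings, sanctioned, detections):
    """Score every MMSI (weights are illustrative) and sort highest risk first."""
    gaps = find_gaps(pings)
    scores = {}
    for mmsi in {p[0] for p in pings}:
        s = 50 if mmsi in sanctioned else 0       # sanctions hit via MMSI join
        for gap in gaps.get(mmsi, []):
            s += 20 + (30 if corroborated(gap, detections) else 0)
        scores[mmsi] = s
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
```

A gap with no nearby detection still scores, because a silent transponder is a lead on its own; the satellite hit only raises confidence that the vessel was present and unlit to AIS.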
A few design principles that help:
- Automate the tedious parts. Every vessel broadcasts a unique MMSI (Maritime Mobile Service Identity) number, which makes it a natural key for cross-referencing the same vessel across data sources. Anything that an analyst would otherwise do by hand, looking up each vessel one at a time, copying identifiers between systems, should happen automatically.
- Right information at the right time. An analyst monitoring a region needs to scan dozens of vessels quickly, then drill into one that looks suspicious. Think about how to show just enough at the overview level to support that triage, and layer in deeper detail on demand. Use the Explore step to understand the analyst's workflows and what decisions they're making at each stage.
- Design for the full job. Analysts don't do one task all day. They scan traffic, investigate anomalies, write reports, and hand off to the next shift. Consider how your tool supports those different workflows without overwhelming the user with everything at once. The best tools let the analyst focus on judgment calls instead of data wrangling.
How the Challenges Work
Over the challenge arc, your team will go through four challenges. Each challenge builds on the last. Here's the format:
- Your team builds one platform together. One codebase, one demo at the end. How you organize (mobbing, pairing, dividing features) is up to you. Experimenting with collaboration patterns is part of the learning.
- Each challenge builds on the last in two ways. You'll learn new skills for working with AI, moving you closer to being a delegator. Challenge 1 is the core platform. Challenge 2 adds consistency and reliability. Challenge 3 adds tests and deployment. Challenge 4 scales your ability to ship. At the same time, your application grows: each challenge adds new capabilities and complexity on top of what you built in the previous one.
- Baseline capabilities and stretch goals. Every challenge has a set of baseline capabilities to aim for, plus stretch goals for teams that push further.
- The goal is learning, not just finishing. Understanding what you built and how your delegation produced it matters more than checking every box.
Delegate, Don't Dump
You know how to use AI. You may have been using it for months. But there's a difference between using AI and delegating to it effectively.
The temptation in a build sprint is to dump a wall of requirements into one prompt and accept whatever comes back. That produces output, but not understanding, and not the delegation judgment that matters when the problem is harder than today's.
The value is in the cycle: write a story, delegate it, evaluate what comes back, refine. That's the Explore → Plan → Implement → Verify workflow from Lesson 1. Each cycle sharpens your judgment about what makes a good delegation contract and what makes a vague one. That judgment is the skill that transfers.
Delegate one story at a time. Verify against your acceptance criteria before moving on.
When the cycle stalls: If you've re-prompted two or three times and AI keeps missing the mark, stop and diagnose. Either your acceptance criteria are too vague (AI doesn't know what "done" looks like), the task is too big (decompose it), or the conversation has drifted (start a fresh conversation and re-delegate with a cleaner prompt). The fix is almost always in your specification. Asking AI to try harder won't solve it.
Your Data
Your repository includes pre-seeded data for your tool. Use this data whenever possible instead of pulling from real APIs. We have embedded scenarios in this data that make dark vessel assessments interesting: sanctioned vessels still broadcasting, vessels that go dark during the observation window, identity mismatches, and more. By using the pre-seeded data, you won't need to sign up for any external APIs, and you'll be working with data that has real analytical patterns worth finding.