Nithin Kamath, co-founder and CEO of India’s largest stockbroking platform Zerodha, disclosed on Wednesday that his X account was briefly compromised after falling for a sophisticated phishing email on October 15, demonstrating how even cybersecurity-aware executives can become victims of increasingly advanced AI-automated attacks.
The incident occurred early Tuesday morning while Kamath was browsing on his personal device at home. “A momentary lapse in attention. The e-mail got through all spam and phishing filters. I clicked on the ‘Change Your Password’ link and entered the password,” Kamath explained to his 740,000 X followers. The attackers gained access to a single login session, which they used to post cryptocurrency scam links before Kamath regained control.
Two-Factor Authentication Prevents Complete Takeover
Despite the breach, Kamath’s two-factor authentication prevented the attackers from gaining full control of his account. “I had 2FA enabled, so luckily, they couldn’t take over the full account apart from gaining access to the one session from the phishing flow,” he wrote. Kamath noted that the attack appeared to be “fully AI-automated and not personal,” reflecting the growing use of artificial intelligence in cybercriminal operations.
The phishing email closely mimicked legitimate X security alerts, creating sufficient urgency to deceive even an experienced technology entrepreneur during what he described as a brief moment of inattention.
The incident highlights a surge in AI-powered phishing attacks throughout 2025, with security firms reporting a 1,265% increase in such attacks since generative AI tools became widely available. According to recent industry data, up to 83% of phishing emails are now AI-generated, making them more convincing and harder to detect.
The incident has resonated widely on social media, with users sharing similar experiences and noting the increasing sophistication of phishing attempts targeting X accounts specifically. Security experts point out that the case demonstrates how human psychology remains the most vulnerable element in cybersecurity frameworks, even when robust technical protections are in place.
Also Read: Google has unveiled Veo 3.1 with native audio integration
