India, May 12 -- A password is stolen. A login page looks normal. Two-factor authentication should stop the attack. Now imagine a flaw in the software underneath lets hackers step around that second lock.

That is the warning coming from Google's latest threat intelligence work. The company says criminal hackers appeared to use an artificial intelligence model to help discover and weaponize a previously unknown software vulnerability. The attempted attack was stopped before it caused wider damage, but the signal is hard to miss: AI is no longer just helping scammers write better phishing emails.

The vulnerability was a zero-day flaw, meaning the software maker did not know about it before attackers found it. Google said the target was a ...