The rising frequency and sophistication of cyberattacks have made real-time malicious IP detection a critical challenge for modern Security Operations Center (SOC). Traditional solutions, such as static blacklists and manual IP reputation checks, are no longer sufficient in today's dynamic threat scenario. To overcome these constraints, we present IP SafeGuard, an AI-driven platform that incorporates multi-source threat intelligence, sophisticated feature engineering, and machine learning (ML)for real-time IP categorization. The framework collects data from AbuseIPDB, VirusTotal, and other sources to compute a Dynamic Threat Score (DTS) for each IP address. It leverages an XGBoost-based classification model to achieve high accuracy and low false-positive rates, even in skewed datasets. Experimental findings indicate the improved performance of IP SafeGuard, with an accuracy of 98.2%, a precision of 97.8%, and a recall of 98.5%. The average detection duration of 45 milliseconds makes it appropriate for real-time SOC integration, enabling automated incident response through Security Information and Event Management (SIEM) alerting and firewall blocking. The framework's modular design assures scalability and adaptability, making it a vital tool for high-volume situations. By overcoming the limits of old approaches and using the power of ML, IP SafeGuard considerably boosts the efficiency and efficacy of current cybersecurity systems. Future work involves expanding the system to enable new threat intelligence sources and studying federated learning for secure and privacy-preserving threat information exchange