AI-Integrated Threat Intelligence Architecture Combining Network and API Risk Signals


Abstract

Modern enterprise systems face increasingly blended cyber threats, where malicious activity often spans both network traffic and application-level interfaces. This study presents an integrated threat intelligence architecture that unifies network telemetry with API-specific risk indicators to improve early detection and contextual understanding of attacks. The proposed framework combines lightweight behavioral analytics, feature-aware deep learning components, and dynamic correlation engines capable of adapting to changing threat patterns. Network flows, encrypted traffic fingerprints, and API usage behaviors are jointly analyzed to identify anomalies that may be overlooked when signals are assessed in isolation. Experimental evaluations using mixed real-world and simulated datasets demonstrate improved detection precision and reduced false-positive rates compared with single-domain approaches. The results highlight the value of multi-layered intelligence fusion for strengthening security posture, especially in distributed and API-driven environments. The paper concludes by discussing operational considerations and recommending pathways for integrating the architecture into existing SOC and SIEM ecosystems.
