The rapid growth of IoT (Internet of Things) networks has brought new challenges in ensuring the safety and reliability of devices and data. Automated Teller Machines (ATMs) are increasingly targeted by physical attacks, theft, and sophisticated intrusion attempts, necessitating intelligent and privacy-preserving security mechanisms. This paper proposes a federated learning–based multi-level threat detection framework for ATM security that integrates both external sensors (vibration, magnetic, tilt) and internal sensors (door status, liveness detection, face masks or static images). Each ATM operates as an edge node, locally analysing sensor data to classify operational states into three threat levels: Normal, Theft, and Critical. To ensure reliability and safety, a hybrid decision strategy is adopted, combining rule-based safety checks for critical events with a simple machine learning model for nuanced threat identification. Collaborative model training across several ATMs is made possible by federated learning. without transferring raw sensor data to a central server, protecting data in the process and reducing communication overhead. Critical conditions such as forced entry attempts, abnormal cash handling, and ATM communication failures are detected in real time and escalated through centralized monitoring using visual alert or notify the bank’s higher authorities. The findings show that federated learning is a scalable and secure solution for distributed ATM threat monitoring in real-world banking infrastructures, maintaining data privacy, reducing communication overhead.