Federated learning (FL) has emerged as a paradigm-shifting approach to distributed machine learning, enabling multiple participants to collaboratively train models without exposing raw data. However, conventional federated learning architectures remain susceptible to a broad spectrum of security and privacy threats, including model poisoning, gradient inversion, inference attacks, and Byzantine faults. This paper presents a unified and robust framework— Secure and Privacy-Preserving Federated AI (SPFA) — that integrates differential privacy, homomorphic encryption, secure multi-party computation, Byzantine fault tolerance, and zero-knowledge proofs into a unified, production-grade architecture. We formally analyze the threat model, prove privacy guarantees under the (ε, δ)-differential privacy framework, and demonstrate Byzantine resilience under partial adversarial participation. Extensive experiments on heterogeneous data distributions across image classification, natural language processing, and medical diagnosis benchmarks demonstrate that SPFA achieves model accuracy within 2.3% of centralized baselines while providing provable ε = 1.0 privacy with a communication overhead of only 18% above standard FedAvg. To the best of our knowledge, our framework is among the first to consolidate all five protection layers into a unified, deployable system with formal analysis and an open-source reference implementation. The relevance of SPFA extends to privacy-sensitive applications in healthcare, cybersecurity, distributed edge computing, and smart city analytics.