EC-Council Launches ADG AI Framework and Self-Assessment Tool to Help Organizations Secure and Govern AI at Scale

Created in collaboration with practitioners from Citi, JPMorgan Chase, Microsoft, KPMG, Deloitte, NTT Data, GE Healthcare, GlobalLogic, Prudential and Salesforce, the Adopt. Defend. Govern. (ADG) Framework provides enterprises with a unified operating model; three pillars, 12 minimum controls, and nine governance surfaces. It is designed to align with the EU AI Act, ISO/IEC 42001, and the NIST AI RMF

Tampa., Florida, May 28, 2026 (GLOBE NEWSWIRE) -- EC-Council, the global credentialing body responsible for the internationally recognized Certified Ethical Hacker (CEH) certification and one of the world’s leading authorities in cybersecurity education, workforce development, and standards-based training, has today announced the launch of its proprietary Adopt. Defend. Govern. (ADG) AI Framework and a free AI Readiness Self-Assessment Tool to help organizations securely adopt, operationalize, and govern artificial intelligence at scale.

Developed with input from practitioners and advisory board members across organizations including Citi, JPMorgan Chase, Microsoft, KPMG, Deloitte, NTT Data, GE Healthcare, GlobalLogic, Prudential and Salesforce, the ADG Framework gives enterprises a unified operating model; three pillars, 12 minimum controls, and nine governance surfaces. The framework is designed to align with the EU AI Act, ISO/IEC 42001, and the NIST AI RMF.

The urgency around AI governance is rising as organizations and enterprises accelerate AI adoption across business operations. Global AI spending is projected to reach $2.5 trillion in 2026, reflecting the speed and scale of enterprise deployment. Yet governance maturity remains critically low: industry findings show that only 1% of leaders believe their AI governance capabilities have reached maturity, while 78% of executives say they would not feel confident in passing an AI governance audit within the next 90 days.

The widening gap between AI acceleration and AI accountability is increasing pressure on organizations to address technical, societal, operational, and systemic AI risk at the same time. Many are deploying increasingly autonomous AI systems while still relying on fragmented policies, outdated security models, and governance structures that struggle under real-world operating pressure.

The ADG Framework has been developed to close this gap. More than a theoretical governance model, ADG is a practitioner-led execution framework engineered for real-world deployment. Designed by professionals actively managing AI risk in some of the world’s most complex operating environments, the framework establishes enforceable minimum controls, operational validation standards, governance surfaces, implementation overlays, and accountability mechanisms that organizations can apply across AI systems, agentic AI environments, multi-model architectures, and large language model ecosystems.

“Most organizations approached AI with a deploy-first mindset, prioritizing speed while governance and security struggled to keep pace,” said Jay Bavisi, Group President, EC-Council. “The result is that organizations are now scaling AI systems faster than they can securely govern them. The ADG Framework was developed to restore operational discipline, establish accountability, and help organizations operationalize AI responsibly before governance failures become systemic business liabilities.”

AI Without Guardrails Is a Business Risk

The ADG Framework is organized around three deeply integrated operational functions designed to create a complete governance life cycle for modern AI systems:

Adopt: Helps organizations align AI deployment with business objectives, operational readiness, workforce capability, and implementation accountability.

Defend: Focuses on securing AI systems against evolving threats including prompt injection, adversarial manipulation, model exploitation, data poisoning, and AI supply chain compromise.

Govern: Embeds oversight, auditability, governance accountability, and risk management into AI systems from deployment through enterprise-scale operations.

Together, the framework introduces 12 minimum controls, nine governance surfaces, nine deployment overlays, and three autonomy tiers covering technical, societal, operational, and systemic AI risk domains. Every control references major global standards and frameworks including the EU AI Act, ISO/IEC 42001, NIST AI RMF, OWASP Top 10 for LLM and Agentic AI, and MITRE ATLAS, helping organizations strengthen governance maturity while reducing compliance fragmentation.

AI Readiness Self-Assessment Tool Introduces Operational Visibility

Alongside the framework, EC-Council has launched a free AI Readiness Self-Assessment Tool to help organizations evaluate their governance posture before vulnerabilities emerge at scale.

The tool enables organizations to measure AI maturity across governance readiness, implementation discipline, operational resilience, security posture, and accountability structures while mapping findings into a prioritized implementation roadmap. For boards, regulators, and executive leadership teams facing growing scrutiny around AI governance, the tool provides an evidence-based view of organizational AI exposure and governance preparedness.

“The framework’s three pillars reflect the cross-functional model that leading AI organizations like Salesforce have used to scale AI responsibly. It establishes a solid, replicable blueprint across any industry, deployment model, or regulatory environment.” said Kathy Baxter, Principal Architect, VP of Responsible AI & Tech at Salesforce, AI Advisory Board Member, and Contributor to the ADG Framework.

New AI Certifications Aligned to the ADG Framework

To support implementation of the framework, EC-Council has also introduced three new AI certifications aligned with the ADG operating model. The certifications are designed to help organizations build workforce capabilities around AI governance, offensive AI security, and responsible AI implementation.

The certifications include:

Certified AI Program Manager (CAIPM)
Certified Offensive AI Security Professional (COASP)
Certified Responsible AI Governance and Ethics Professional (CRAGE)

The programs help practitioners evaluate, test, secure, and govern AI systems across modern operating environments.

“The ADG Framework is the operating model that enterprise AI has been missing. It turns abstract standards into auditable practices and resolves the real tension between delivery speed and safety. For a board, that is the difference between scaling a fleet of agents with confidence and taking a leap of faith.” said Lewis V. Adams, VP, Enterprise AI & Capital Productivity Transformation at Citi, AI Advisory Board Member, and Contributor to the ADG Framework.

Open, Community-Driven, and Built to Scale

The ADG Framework is designed as an open, community-driven initiative that organizations can adopt freely, without licensing fees or vendor lock-in. It is structured to evolve alongside AI technologies while enabling practitioners, enterprises, governance leaders, and security teams to contribute to the continued development of operational AI governance standards.

“The industry doesn’t lack AI frameworks; it lacks operational clarity. The ADG framework places a strong emphasis on AI security, particularly in addressing adversarial risks and model vulnerabilities, while also mapping broader governance and regulatory expectations. What’s especially valuable is its inclusion of measurable indicators, which helps organizations move from high-level principles to more actionable and trackable AI risk management as they transition into real-world deployment.” said ShanShan Pa, Global Head of AI & Data Governance at GlobalLogic, AI Advisory Board Member, and Contributor to the ADG Framework.

The ADG AI Framework, AI Readiness Self-Assessment Tool, implementation guidance, and supporting certification programs are now available through EC-Council Official Website.

About EC-Council

EC-Council is the creator of the Certified Ethical Hacker (CEH) program and a leader in cybersecurity education. Founded in 2001, EC-Council’s mission is to provide high-quality training and certifications for cybersecurity professionals to keep organizations safe from cyber threats.EC-Council offers over 200 certifications and degrees in various cybersecurity domains, including forensics, security analysis, threat intelligence, and information security.  

An ISO/IEC 17024-accredited organization, EC-Council has certified over 400,000 professionals worldwide and serves clients ranging from government agencies to Fortune 100 companies. EC-Council is the gold standard in cybersecurity certification, trusted by the U.S. Department of Defense, the Army, Navy, Air Force, and leading global corporations.   

Attachments

EC-Council
press@eccouncil.org

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.