EC-Council Launches ADG AI Framework and Self-Assessment Tool
Friday, May 29, 2026
EC-Council, the credentialing body responsible for the internationally recognised Certified Ethical Hacker (CEH) certification and one of the world’s leading authorities in cybersecurity education, workforce development, and standards-based training, has announced the launch of its proprietary Adopt. Defend. Govern. (ADG) AI Framework and a free AI Readiness Self-Assessment Tool to help organisations securely adopt, operate and govern AI at scale.
Developed with input from practitioners and advisory board members across organizations including Citi, JPMorgan Chase, Microsoft, KPMG, Deloitte, NTT Data, GE Healthcare, GlobalLogic, Prudential and Salesforce, the ADG Framework gives enterprises a unified operating model; three pillars, 12 minimum controls, and nine governance surfaces. The framework is designed to align with the EU AI Act, ISO/IEC 42001, and the NIST AI RMF. Contd
“Most organisations approached AI with a deploy-first mindset, prioritizing speed while governance and security struggled to keep pace,” said Jay Bavisi, Group President, EC-Council. “The result is that organizations are now scaling AI systems faster than they can securely govern them. The ADG Framework was developed to restore operational discipline, establish accountability, and help organizations operate AI responsibly before governance failures become systemic business liabilities.”
AI Without Guardrails Is a Business Risk
The ADG Framework is organised around three deeply integrated operational functions designed to create a complete governance life cycle for modern AI systems -
Adopt
Helps organizations align AI deployment with business objectives, operational readiness, workforce capability, and implementation accountability.
Defend
Focuses on securing AI systems against evolving threats including prompt injection, adversarial manipulation, model exploitation, data poisoning and AI supply chain compromise.
Embeds oversight, auditability, governance accountability and risk management into AI systems from deployment through enterprise-scale operations.
Together, the framework introduces 12 minimum controls, nine governance surfaces, nine deployment overlays, and three autonomy tiers covering technical, societal, operational and systemic AI risk domains. Every control references major global standards and frameworks including the EU AI Act, ISO/IEC 42001, NIST AI RMF, OWASP Top 10 for LLM and Agentic AI and MITRE ATLAS, helping organisations strengthen governance maturity while reducing compliance fragmentation.
AI Readiness Self-Assessment Tool Introduces Operational Visibility
Alongside the framework, EC-Council has launched a free AI Readiness Self-Assessment Tool to help organisations evaluate their governance posture before vulnerabilities emerge at scale.
The tool enables organisations to measure AI maturity across governance readiness, implementation discipline, operational resilience, security posture and accountability structures while mapping findings into a prioritized implementation roadmap. For boards, regulators, and executive leadership teams facing growing scrutiny around AI governance, the tool provides an evidence-based view of organisational AI exposure and governance preparedness.
“The framework’s three pillars reflect the cross-functional model that leading AI organizations like Salesforce have used to scale AI responsibly. It establishes a solid, replicable blueprint across any industry, deployment model, or regulatory environment.” said Kathy Baxter, Principal Architect, VP of Responsible AI & Tech at Salesforce, AI Advisory Board Member, and Contributor to the ADG Framework.
New AI Certifications Aligned to the ADG Framework
To support implementation of the framework, EC-Council has also introduced three new AI certifications aligned with the ADG operating model. The certifications are designed to help organizations build workforce capabilities around AI governance, offensive AI security, and responsible AI implementation.
- Certified AI Programme Manager (CAIPM)
- Certified Offensive AI Security Professional (COASP)
- Certified Responsible AI Governance and Ethics Professional (CRAGE)
The programmes help practitioners evaluate, test, secure, and govern AI systems across modern operating environments.
“The ADG Framework is the operating model that enterprise AI has been missing. It turns abstract standards into auditable practices and resolves the real tension between delivery speed and safety. For a board, that is the difference between scaling a fleet of agents with confidence and taking a leap of faith.” said Lewis V. Adams, VP, Enterprise AI & Capital Productivity Transformation at Citi, AI Advisory Board Member, and Contributor to the ADG Framework.
