EC-Council, the global credentialing body behind the internationally recognized Certified Ethical Hacker (CEH) certification, announced that the new framework has been developed to address the growing gap between rapid AI deployment and effective governance. The initiative comes at a time when global AI spending is projected to reach $2.5 trillion in 2026, while governance maturity remains significantly underdeveloped across enterprises.
Developed with contributions from practitioners and advisory board members representing major organizations including Citi, JPMorgan Chase, Microsoft, KPMG, Deloitte, NTT Data, GE Healthcare, GlobalLogic, Prudential, and Salesforce, the ADG Framework provides enterprises with a unified operating model built around three core pillars, 12 minimum controls, and nine governance surfaces. The framework aligns with major international standards and regulatory requirements, including the EU AI Act, ISO/IEC 42001, and the NIST AI Risk Management Framework.
Industry findings highlight the urgency of stronger AI governance. Only one percent of leaders believe their organizations have achieved mature AI governance capabilities, while 78 percent of executives report that they would not be confident in passing an AI governance audit within the next 90 days. As enterprises increasingly deploy autonomous AI systems, many continue to rely on fragmented policies, outdated security models, and governance structures that struggle to address emerging operational challenges.
To address these concerns, the ADG Framework has been designed as a practitioner-led execution model focused on real-world implementation. Built by professionals actively managing AI risks in complex enterprise environments, the framework introduces enforceable minimum controls, operational validation standards, governance mechanisms, implementation overlays, and accountability measures. It is intended for deployment across AI systems, agentic AI environments, multi-model architectures, and large language model ecosystems.
Jay Bavisi, Group President of EC-Council, stated that many organizations adopted AI with a deployment-first mindset, prioritizing speed while governance and security lagged behind. He said the framework was created to restore operational discipline, establish accountability, and help organizations scale AI responsibly before governance failures evolve into major business liabilities.
The framework is structured around three integrated operational functions. The Adopt pillar focuses on aligning AI deployment with business objectives, workforce readiness, implementation accountability, and operational preparedness. The Defend pillar is dedicated to protecting AI systems from threats such as prompt injection, adversarial manipulation, model exploitation, data poisoning, and AI supply chain compromise. The Govern pillar embeds oversight, auditability, accountability, and risk management throughout the AI lifecycle, from deployment to enterprise-scale operations.
Together, these components introduce 12 minimum controls, nine governance surfaces, nine deployment overlays, and three autonomy tiers covering technical, societal, operational, and systemic AI risks. Each control references leading international standards and frameworks, including the EU AI Act, ISO/IEC 42001, NIST AI RMF, OWASP Top 10 for Large Language Models and Agentic AI, and MITRE ATLAS. The framework aims to improve governance maturity while reducing compliance complexity.
Alongside the framework, EC-Council has launched a free AI Readiness Self-Assessment Tool that enables organizations to evaluate their governance posture before vulnerabilities emerge at scale. The tool assesses governance readiness, implementation discipline, operational resilience, security posture, and accountability structures while generating a prioritized implementation roadmap. It is intended to provide boards, regulators, and executive leadership teams with an evidence-based understanding of organizational AI exposure and governance preparedness.
Kathy Baxter, Principal Architect and Vice President of Responsible AI and Technology at Salesforce, AI Advisory Board Member, and contributor to the ADG Framework, said the framework reflects the cross-functional model used by leading AI organizations to scale AI responsibly. She described it as a replicable blueprint applicable across industries, deployment models, and regulatory environments.
To support adoption of the framework, EC-Council has also introduced three new AI certifications aligned with the ADG operating model. These include the Certified AI Program Manager (CAIPM), Certified Offensive AI Security Professional (COASP), and Certified Responsible AI Governance and Ethics Professional (CRAGE). The certification programs are designed to help professionals evaluate, secure, govern, and test AI systems across modern enterprise environments.
Lewis V. Adams, Vice President of Enterprise AI and Capital Productivity Transformation at Citi, AI Advisory Board Member, and contributor to the framework, said the ADG Framework provides the operational model that enterprise AI has been missing. He noted that it transforms abstract standards into auditable practices and helps organizations balance delivery speed with safety, enabling leadership teams to scale AI systems with greater confidence.
The ADG Framework has been launched as an open, community-driven initiative that organizations can adopt without licensing fees or vendor lock-in. Designed to evolve alongside advancements in artificial intelligence, the framework encourages participation from enterprises, governance leaders, security teams, and practitioners in the ongoing development of operational AI governance standards.
ShanShan Pa, Global Head of AI and Data Governance at GlobalLogic, AI Advisory Board Member, and contributor to the framework, emphasized that while the industry has numerous AI frameworks, it continues to lack operational clarity. She noted that the ADG Framework places significant emphasis on AI security, adversarial risk management, model vulnerability mitigation, governance expectations, and measurable indicators that help organizations transition from high-level principles to actionable and trackable AI risk management practices.
Founded in 2001, EC-Council is recognized globally for creating the Certified Ethical Hacker program and for its leadership in cybersecurity education. The organization offers more than 200 certifications and degree programs across cybersecurity disciplines, including forensics, security analysis, threat intelligence, and information security. Accredited under ISO/IEC 17024 standards, EC-Council has certified more than 400,000 professionals worldwide and serves clients ranging from government agencies to Fortune 100 corporations. The organization remains a trusted cybersecurity certification authority for the United States Department of Defense, the Army, Navy, Air Force, and leading multinational enterprises.
The launch of the ADG Framework, AI Readiness Self-Assessment Tool, and new certification programs marks a significant step toward establishing stronger governance, accountability, and security standards for artificial intelligence as organizations worldwide continue expanding AI adoption across critical business operations.
About The Author
.jpg)
Comment List