EC-Council, the global credentialing body behind the internationally recognized Certified Ethical Hacker certification, has announced the launch of its Adopt. Defend. Govern. (ADG) AI Framework and a free AI Readiness Self-Assessment Tool.
The framework was developed with input from practitioners and advisory board members across Citi, JPMorgan Chase, Microsoft (NASDAQ: MSFT), KPMG, Deloitte, NTT Data, GE Healthcare, GlobalLogic, Prudential, and Salesforce (NYSE: CRM).
The ADG Framework gives enterprises a unified operating model built around three pillars, 12 minimum controls, and nine governance surfaces designed to align with the EU AI Act, ISO/IEC 42001, and the NIST AI RMF.
Global AI spending is projected to reach $2.5 trillion in 2026, reflecting the speed and scale at which enterprises are deploying artificial intelligence across business operations.
Despite this acceleration, governance maturity remains critically low, with industry findings showing only 1% of leaders believe their AI governance capabilities have reached maturity.
A further 78% of executives say they would not feel confident passing an AI governance audit within the next 90 days, highlighting the widening gap between AI adoption and accountability.
“Most organizations approached AI with a deploy-first mindset, prioritizing speed while governance and security struggled to keep pace,” said Jay Bavisi, Group President of EC-Council.
Bavisi added that the ADG Framework was developed to restore operational discipline, establish accountability, and help organizations operationalize AI responsibly before governance failures become systemic business liabilities.
The framework’s three pillars cover Adopt, which aligns AI deployment with business objectives and workforce capability; Defend, which secures AI systems against threats including prompt injection and data poisoning; and Govern, which embeds oversight and risk management into AI systems from deployment through enterprise-scale operations.
Every control within the framework references major global standards including the EU AI Act, ISO/IEC 42001, NIST AI RMF, OWASP Top 10 for LLM and Agentic AI, and MITRE ATLAS.
The accompanying AI Readiness Self-Assessment Tool enables organizations to measure AI maturity across governance readiness, operational resilience, security posture, and accountability structures while mapping findings into a prioritized implementation roadmap.
“The framework’s three pillars reflect the cross-functional model that leading AI organizations like Salesforce have used to scale AI responsibly,” said Kathy Baxter, Principal Architect and VP of Responsible AI and Tech at Salesforce, and contributor to the ADG Framework.
“The ADG Framework is the operating model that enterprise AI has been missing,” said Lewis V. Adams, VP of Enterprise AI and Capital Productivity Transformation at Citi and contributor to the ADG Framework.
“The industry doesn’t lack AI frameworks; it lacks operational clarity,” said ShanShan Pa, Global Head of AI and Data Governance at GlobalLogic and contributor to the ADG Framework.
EC-Council has also introduced three new AI certifications aligned with the ADG operating model: the Certified AI Program Manager, the Certified Offensive AI Security Professional, and the Certified Responsible AI Governance and Ethics Professional.
The ADG Framework is structured as an open, community-driven initiative that organizations can adopt freely, without licensing fees or vendor lock-in, and is designed to evolve alongside advancing AI technologies.
