ADG V1.0 · Released May 2026
Open Framework · Practitioner-led · Vendor-neutral
ADG is a living framework for enterprise AI. Twelve controls, mapped today to NIST AI RMF, ISO/IEC 42001 and the EU AI Act. Extended tomorrow as new national and sector regulations come online.
Digital · 12 controls · Live crosswalks
12
Minimum controls
· Evidenced
· Evidenced
09
Governance surfaces
· Input → output
· Input → output
04
Harm classes
· Covered end-to-end
· Covered end-to-end
03
Pillars
· Adopt · Defend · Govern
· Adopt · Defend · Govern
Get involved
Assess your organization's AI readiness.
Question 1 of 12 · illustrative
Open the full assessment →
Do you maintain a complete, current inventory of every AI system running in production?
Tier 3 / 5
Managed
Most organizations land at Tier 2. Illustrative reading from 1 of 12 controls — the full assessment scores all twelve and returns a 30/60/90-day roadmap.
Your board-ready roadmap, in about 5 minutes.
Build Your 90-Day Roadmap →
Skill check · ~20 min
Test your AI-governance skills
~20 minutes. A few personalized questions. Your EC-Council badge and a certification path, drawn live as an interactive knowledge map.
~20 minutes to an EC-Council badge and your path.
Earn Your EC-Council Badge →
Crosswalks · ADG aligns with
Six published frameworks · One operational floor
Section 11.2
Control Crosswalk: NIST AI RMF & ISO/IEC 42001
NIST AI RMF function
ISO/IEC 42001 Annex A group
Adopt
Defend
Govern
Click a Minimum Control to highlight its mapped NIST functions and ISO Annex A groups.
§ 02 · The framework
Three pillars.
One operating model.
One operating model.
ADOPT builds and operates. DEFEND breaks and protects. GOVERN authorizes and oversees. An AI Governance Council mediates tension between the three and escalates when needed.
01
Adopt
Build · Operate
Deliver business value, safely.
Use-case selection, capability planning, architecture and deployment. The disciplines that get AI into production without cutting corners.
01
Use cases & value framing
02
Architecture & model selection
03
Deployment & DevSecOps
04
Operating model & capability
02
Defend
Break · Protect
Identify harm before it ships.
Threat modelling, red-teaming, runtime guardrails, detection and response. Maps cleanly to OWASP LLM Top 10 and MITRE ATLAS.
01
Threat modelling & red-team
02
Model & data integrity
03
Runtime guardrails
04
Detection & incident response
03
Govern
Authorize · Oversee
Justify AI use at the board.
Policy, decision rights, regulatory alignment, audit-grade evidence. The governance layer your CAIO, legal and risk officers can sign on.
01
Policy & decision rights
02
Regulatory alignment
03
Assurance & audit
04
Board-level evidence
Mediation layer
AI Governance Council
A standing body of product, security, legal and risk leaders. Resolves tension between ADOPT velocity and DEFEND caution; escalates material decisions to GOVERN.
§ 03 · Coverage
Every place an AI
can fail. ADG covered.
can fail. ADG covered.
Nine governance surfaces trace the runtime from first prompt to audit log. Five sit in the request pipeline. Four cross-cut every surface.
Request pipeline · 05 surfaces
Input → Output
01
Prompt
Injection · jailbreak · system-prompt leakage
02
Context
RAG · retrieval poisoning · over-broad memory
03
Model
Provenance · weights · evaluation · drift
04
Tools
Function calls · agent actions · blast radius
05
Orchestration
Plans · loops · multi-agent emergence
Cross-cutting bands · 04 surfaces
Slice every layer above
Identity
Who is asking · who is acting · whose data
Safety layer
Pre/post filters · content policy · refusal
Telemetry
Logs · traces · evidence for audit
Learning loop
Feedback · evals · retraining · drift
Harm classes · 04 outcomes the framework prevents
End-to-end coverage
H · 01
Confidentiality loss
Prompt leakage, model exfiltration, training-data extraction, RAG over-disclosure.
H · 02
Integrity failure
Hallucination at scale, decision manipulation, agent-action drift, tool misuse.
H · 03
Availability impact
Resource exhaustion, cost-amplification attacks, cascading agent loops.
H · 04
Accountability gap
No evidence trail, unclear decision rights, regulatory non-conformance.
§ 04 · Built for
A framework for everyone
who touches the stack.
who touches the stack.
From the first lecture to the board pack. ADG is written so a student can read it end-to-end and a CISO can adopt it tomorrow.
A · Learner
Free · Self-paced
Students & new practitioners
Start with the basics: what an AI control actually looks like, why prompt injection isn't hypothetical, and how ADG maps to a real system. No prior security background required.
→
The framework, in plain English
→
Annotated reference architectures
→
Self-assessment lab
B · Practitioner
Implementer · SMB · SMC
AI & security engineers
Twelve evidence-backed controls you can ship this quarter. Reference architectures, threat models, runtime guardrail patterns and detection rules, all open, all crosswalked to OWASP and ATLAS.
→
Implementation playbooks
→
Detection rules & guardrails
→
Crosswalk to OWASP & ATLAS
C · Executive
Board · CISO · CAIO
Implement Ethical, Responsible and Explainable AI across the organization.
Audit-grade evidence the board will accept. ADG maps your AI estate to NIST AI RMF, ISO/IEC 42001 and the EU AI Act in one artefact, so attestation is a translation, not a programme.
→
Board-ready evidence model
→
EU AI Act conformance pathway
→
Maturity assessment template
§ 05 · AI Advisory Board
Practitioner-led.
Vendor-neutral. By design.
Vendor-neutral. By design.
An advisory board of CISOs, CAIOs, AI engineers and academic leaders from Microsoft, Salesforce, KPMG, BASF, BNP Paribas, Reliance Jio and more. Stewarded openly by EC-Council Global Services.
AI Advisory Board
38 Practitioners · 20+ global organizations
Jay Bavisi
Chairman & CEO
EC-Council Group
Karthik S.
Practice Head, SecureAI · Framework Architect & Lead Author
EC-Council
Mayank Tandon
Global Outreach & Partner Experience
EC-Council
Kathy Baxter
VP / Principal Architect, Responsible AI
Salesforce
Adam Spearing
VP of AI GTM EMEA
ServiceNow
Anita Lacea
Head of AI Transformation
Microsoft
Dr. Sayed Peerzade
EVP · Cloud, AI & Government Initiatives
Jio
Edoardo Tealdi
Executive Head of AI Transformation
NTT DATA
Lily Rachmawati
Director, Head of Applied AI
BNP Paribas
Naveen Upadhyay
VP, AI/ML Product Management
JPMorgan Chase
Raji Bhimireddy
VP Cloud, AI, Architecture, FinOps
Prudential
Sanjoy K. Saha
Head of AI Portfolio & Governance
GE Healthcare
ShanShan Pa
Global Head of AI & Data Governance
GlobalLogic
Lewis W. Adams
VP, Enterprise AI Transformation
Citi
Malik Hussain
AI Enablement Lead, Data & AI Academy
BASF
Oscar Jarabo
Global Head of AI Product & Strategy
TKE
Pavan Kristipati
Head of AI Engineering & Transformation
Huntington Bank
Sophia Katrenko
VP of AI/ML
EcoVadis
Sruthi Pakanati
Head of AI & Data Transformation
Deloitte Australia
Sudarson Roy Pratihar
Founder & Principal
A2IQ
Yashwinder Chhikara
SVP · AI, Analytics & Product
iSON Xperiences
Mark Ritcey
VP, AI & Automation Delivery
Latent Bridge
Dinesh Bhogle
Head of AI/ML Platform
Black & Veatch
Anish Mitra
Director
KPMG
Andrei Son
Head of AI Transformation
AUMOVIO
Raghunandan Mishra
AI & Data Engineering Leader
—
+ more advisors from Microsoft, Citi, JPMorgan, Prudential, BASF and others
§ 06 · Adopt the framework
Read it. Implement it.
Help shape v2.
Help shape v2.
The Framework is open. The crosswalks are free. The advisory board is taking pull requests. Make AI worth trusting, at your scale.
Access the Framework
→
View digital version