Data Splicing vs. Traditional DLP: The...

A TechRadar report warns that this newly uncovered exfiltration technique “could place thousands of businesses worldwide at serious risk, bypassing all leading DLP tools”. In a nutshell, attackers use newer browser features to split, encode, or encrypt a file into many small fragments and send them out piecemeal over channels that DLP doesn’t inspect. The fragments are later reassembled by the attacker, meaning confidential data – from intellectual property to personal records – can quietly leak out. This rise of data splicing is dangerous precisely because it exploits blind spots in traditional defenses.

Data splicing often begins inside a web browser or cloud app, where an attacker or malicious insider loads a sensitive file (e.g. a PDF of trade secrets). Using JavaScript or a rogue browser extension, the file is sliced into tiny chunks, each encoded or encrypted, before being sent over legitimate-looking channels.

For example, pieces might be sent via a WebRTC (peer-to-peer browser) connection, a gRPC call, or even embedded in encrypted Slack/WhatsApp messages. Because each piece is small, scrambled, and sent out through an allowed path, network DLP and endpoint agents simply see normal-looking traffic. Only once all the pieces arrive on a remote server do the attackers reassemble the original file out of sight. This technique turns every user’s browser into a stealthy exfiltration channel that static DLP filters can’t follow.

Why Traditional DLP Misses Data Splicing

Most traditional DLP systems rely on static rules or signature-based scanning. They look for known patterns (keywords, file headers, regexes, checksums, etc.) in files leaving the network or endpoint. But data splicing deliberately hides or breaks up those patterns. Moreover, a lot of DLP scanners only inspect certain channels (email, cloud storage APIs, HTTP uploads) and can’t peer into every possible browser process or encrypted tunnel. In practice, that means if Chrome or Edge splits data internally, the DLP agent simply doesn’t see the clear-text pieces.

Data splicing outruns DLP in several ways:

  • No static signature: Each fragment in a data splice may look like random bytes or base64 text. Standard DLP that matches content or file signatures won’t flag it. Even if it saw one piece, it wouldn’t know how to reconstruct the context.
  • Encrypted or obfuscated channels: Spliced data is often sent through encrypted WebRTC or messaging channels. Per-packet SSL/TLS inspection can’t decode it, and many DLP tools simply don’t tap into browser-built routes.
  • Lack of behavioral context: Conventional DLP doesn’t really know what normal user behavior looks like. It can’t easily tell that a user copying 500 small files into an internal API is unusual. Research shows enterprise browsers and proxies lack visibility into user interactions and DOM changes – exactly what data splicing uses to evade detection.
  • New browser APIs: Data splicing exploits newer browser features (e.g. streaming file APIs, Web Workers, multi-account SaaS) that DLP wasn’t designed to monitor.

The outcome is that a company could lose large amounts of data right under the nose of its DLP system, without triggering any warnings. Most companies generally believe their current DLP systems cannot effectively stop data from being stolen – these tools are difficult to set up and, in reality, don’t truly prevent data exfiltration. Data splicing is a sneaky attack method that traditional DLP systems, designed for more straightforward insider threats, were never made to detect.

Anti Data Exfiltration on the Endpoint

ADX (anti data exfiltration) is a prevention technique that works at the endpoint, not the network edge. In simple terms, ADX runs as a lightweight agent on each device or server, continuously monitoring all outbound data and user behavior in real time. By analyzing actions at the source, ADX sees the true content of the data before any encryption or fragmentation occurs.

Advantages of ADX in this context include:

  1. Endpoint Insight: Unlike network tools, ADX sees data before it’s encrypted or sliced. It watches processes, memory and file I/O on the device, so even highly obfuscated data is visible to the agent. This makes ADX inherently superior for spotting hidden data flows.
  2. Behavioral Analytics: Rather than static rules, ADX uses AI and machine learning to learn a baseline of normal user behavior. For example, it knows a user’s typical workflow and data usage patterns. If it sees an unusual action – say, a non-admin user suddenly reading a large confidential file and opening dozens of outbound connections – it blocks the action.
  3. Real-time Prevention: ADX agents often act as a real-time air gap. All outbound communications must pass through its AI engine before leaving the device. If anything looks suspicious – like the high-frequency burst of small packets characteristic of data splicing – ADX instantly halts the flow. Unlike traditional DLP, there’s no waiting for a signature match or human analysis – it blocks on the spot.
  4. Chain-of-Custody Tracking: ADX keeps track of the provenance of data on the endpoint. It can correlate which process touched which file and how that data moved through the system. This full context means it can differentiate between benign file transfers and malicious splits, even if both use the same network channel.
  5. Adaptive Thresholds and Geofencing: ADX can even be configured with volume or time thresholds, geofence rules, and process whitelists. For example, if more than X MB of sensitive data tries to go to an unusual region or unknown host, ADX raises an alarm and blocks the connection.
  6. Automatic Action: With ADX running on the endpoint, it responds autonomously without waiting for IT intervention. This frees up security teams' time by shutting down data exfiltration attempts immediately, before any damage is done.

How ADX Stops a Data Splicing Attack

To illustrate this further, consider a hypothetical data splicing attempt and ADX's response:

  1. An insider opens a 100MB Excel file in the browser and runs a malicious script to break it into 1000 tiny chunks (each a few KB). Traditional DLP sees only random-looking chunks.
  2. The ADX agent notices the unusual file I/O – a single user is programmatically reading a large sensitive file out of sequence. This behavior deviates sharply from the user’s normal pattern (e.g. browsing or email). ADX monitors all processes as they start and stop and would immediately block any rogue process spawned (especially a script) along with any network connection it tries to make.
  3. The script attempts to send these chunks out over a WebRTC data channel (or encodes them in messages on WhatsApp Web). Because ADX runs on the endpoint, it would detect these chunks being sent whether over an ad-hoc peer-to-peer connection or embedded in WhatsApp messages. The agent would catch this as soon as the script tried to send the data out through any channel, even over HTTPS, since ADX can see any connection attempt to, for example, a C2 server or a geofenced location.
  4. By looking at the destination, ports and geography, ADX would stop these connections in real-time. Even if using a standard port, any peer-to-peer connection would be suspicious based on its destination, which ADX reverse translates and geolocates. Because ADX follows the data chain-of-custody, it links those connection attempts to the sensitive file that was read, recognizing this as an illegitimate exfiltration attempt.
  5. As soon as ADX flags the anomaly (burst of encrypted chunks, odd process/network activity), it blocks the data flow. The data stream is effectively air-gapped by the agent. Alerts are generated in the console, and the suspicious streams are cut off – preventing any reassembly of the file outside.
  6. ADX logs all relevant details (process, destination IP, geolocation) for forensic analysis, so security teams see exactly what was attempted and who was involved.
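The following is an added example, not BlackFog code and not a description of how the ADX agent is implemented. It shows, over constructed endpoint telemetry, the kind of endpoint-side correlation the advantages list and the six-step scenario above describe: a process that reads a file classed as sensitive and then emits a burst of small outbound sends (the splicing pattern), or pushes a large volume to a destination outside an allowed geofence, is flagged and linked back to the file it read. The policy thresholds, the path-prefix classifier, the process names, IP addresses and country codes are all assumptions made for the example.

```python
"""Behavioural exfiltration detector over constructed endpoint telemetry.

Added example, not BlackFog code: it shows the endpoint-side correlation the
text describes. A process that reads a file classed as sensitive and then emits
a burst of small outbound sends, or pushes a large volume to a destination
outside an allowed geofence, is flagged and linked back to the file it read.
Policy values, paths, IPs and country codes below are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed policy (constructed for the example, not a product default)
SENSITIVE_PREFIXES = ("/home/alice/finance/", "/srv/share/legal/")
ALLOWED_COUNTRIES = {"US", "GB"}
BURST_WINDOW_S = 10.0          # watch this long after the first sensitive read
BURST_MIN_SENDS = 20           # at least this many small sends = splicing burst
SMALL_SEND_MAX_BYTES = 8192    # what counts as a "small" fragment
GEOFENCE_MAX_BYTES = 5 * 1024 * 1024  # >= 5 MB outside the geofence = alert


@dataclass
class ProcState:
    """Per-process chain of custody: sensitive files touched and sends made."""
    process: str = ""
    sensitive_files: dict = field(default_factory=dict)   # path -> first read ts
    sends: list = field(default_factory=list)             # (ts, bytes, dst_ip, country)


@dataclass
class Alert:
    pid: int
    process: str
    rule: str            # "burst" or "geofence"
    files: list          # sensitive paths this process read
    destinations: list   # distinct dst_ip values involved


def is_sensitive(path: str) -> bool:
    """Path-based classification stands in for a real content classifier."""
    return path.startswith(SENSITIVE_PREFIXES)


def detect(events):
    """Score a time-ordered list of telemetry dicts; return the alerts raised."""
    state = defaultdict(ProcState)
    alerts, fired = [], set()   # fired: (pid, rule) so each rule alerts once
    for ev in events:
        pid, st = ev["pid"], state[ev["pid"]]
        st.process = ev["process"]
        if ev["type"] == "file_read":
            if is_sensitive(ev["path"]):
                st.sensitive_files.setdefault(ev["path"], ev["ts"])
            continue
        if ev["type"] != "net_send" or not st.sensitive_files:
            continue   # only processes that touched sensitive data are scored
        st.sends.append((ev["ts"], ev["bytes"], ev["dst_ip"], ev["country"]))
        first_read = min(st.sensitive_files.values())

        # Rule 1: many small sends shortly after reading sensitive data
        small = [s for s in st.sends
                 if first_read <= s[0] <= first_read + BURST_WINDOW_S
                 and s[1] <= SMALL_SEND_MAX_BYTES]
        if len(small) >= BURST_MIN_SENDS and (pid, "burst") not in fired:
            fired.add((pid, "burst"))
            alerts.append(Alert(pid, st.process, "burst",
                                sorted(st.sensitive_files),
                                sorted({s[2] for s in small})))

        # Rule 2: volume leaving the allowed regions after a sensitive read
        outside = [s for s in st.sends if s[3] not in ALLOWED_COUNTRIES]
        if (sum(s[1] for s in outside) >= GEOFENCE_MAX_BYTES
                and (pid, "geofence") not in fired):
            fired.add((pid, "geofence"))
            alerts.append(Alert(pid, st.process, "geofence",
                                sorted(st.sensitive_files),
                                sorted({s[2] for s in outside})))
    return alerts


def sample_events():
    """Constructed telemetry. pid 4242: a browser reads a sensitive workbook and
    emits 25 sends of 4 KB to one peer (the splicing pattern). pid 7777: a
    script reads a sensitive PDF and pushes 6 MB in one send to a disallowed
    region. pid 5150: a mail client sends a normal attachment (benign)."""
    ev = [{"ts": 0.0, "pid": 4242, "process": "chrome", "type": "file_read",
           "path": "/home/alice/finance/q3-forecast.xlsx", "bytes": 100_000_000}]
    for i in range(25):
        ev.append({"ts": 1.0 + 0.2 * i, "pid": 4242, "process": "chrome",
                   "type": "net_send", "bytes": 4096,
                   "dst_ip": "203.0.113.7", "country": "XX"})
    ev += [{"ts": 3.0, "pid": 7777, "process": "python3", "type": "file_read",
            "path": "/srv/share/legal/contracts.pdf", "bytes": 6_500_000},
           {"ts": 3.5, "pid": 7777, "process": "python3", "type": "net_send",
            "bytes": 6_000_000, "dst_ip": "203.0.113.9", "country": "XX"},
           {"ts": 4.0, "pid": 5150, "process": "thunderbird", "type": "file_read",
            "path": "/home/alice/notes/todo.txt", "bytes": 2048},
           {"ts": 4.5, "pid": 5150, "process": "thunderbird", "type": "net_send",
            "bytes": 204_800, "dst_ip": "198.51.100.4", "country": "US"}]
    return sorted(ev, key=lambda e: e["ts"])


if __name__ == "__main__":
    for a in detect(sample_events()):
        print(f"[{a.rule}] pid={a.pid} {a.process} files={a.files} dst={a.destinations}")
```

The point of the design is that neither rule looks at the payload at all: the browser's 4 KB fragments are flagged because of how many of them follow a sensitive read, and the script's single large transfer is flagged by where it goes. The mail client is never scored because it touched nothing classed as sensitive, which is what keeps a behavioural rule like this from drowning in benign uploads. A real agent would replace the path-prefix classifier with content classification and learn the thresholds per user rather than hard-coding them.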

Even if the content is sliced and scrambled, ADX’s behavioral lens and device-level presence catch the attack in progress. This is in stark contrast to static DLP, which would have seen only benign-looking packets with no obvious keywords. In our example, the exfiltration attempt is wildly out of the user’s normal profile, so ADX intervenes automatically.

Below is a high-level comparison of traditional DLP vs. BlackFog ADX in the context of data splicing:

| Aspect | Traditional DLP | BlackFog ADX (Anti Data Exfiltration) |
|---|---|---|
| Deployment Level | Network or cloud edge (gateway, proxy) | Endpoint agent on each device |
| Detection Method | Signature/rule-based pattern matching | AI-based, behavior- and context-based anomaly detection |
| Visibility | Limited (monitors known protocols, cannot see in-device context) | Full context (sees data before encryption, tracks processes and user actions) |
| Covered Channels | Known channels (email, HTTP, SaaS API); often misses encrypted browser traffic | All outbound streams (TLS, DNS, WebRTC, etc.) via on-device inspection |
| Resistance to Evasion | Weak: novel splits, encryption or unknown channels evade it | Strong: detects the anomaly of splitting itself, regardless of how data is obfuscated |
| Response | Passive: generates alerts or blocks only on matching rules | Proactive: blocks suspicious flows in real time (air-gapping traffic) |
| Management | Complex policies, high false positives; hard to tune | Automated learning; low touch once deployed |

As the table shows, ADX's on-device approach fundamentally changes the game. When a technique like data splicing emerges, traditional DLP must be retrofitted with new signatures or sensors, which always lags behind the attack. In contrast, ADX's anti data exfiltration philosophy was built for the dynamic data workflows of today. It treats any unauthorized movement of sensitive data as unacceptable, regardless of how it's encoded or where it goes.

Take Your Next Steps With BlackFog

Data splicing attacks exploit a glaring gap in legacy defenses: the inability to monitor new browser-based data flows. By breaking data into pieces and sneaking them out via nontraditional channels, attackers can bypass static DLP tools entirely. This technique is especially dangerous in a world where so much corporate data lives in the cloud and is accessed through browsers.

BlackFog's ADX platform is purpose-built for this challenge. Its on-device, AI-powered monitoring sees and stops data splicing at the source. By constantly learning normal behavior and scrutinizing every outbound request, ADX leaves no blind spot: it doesn't matter how an attacker disguises the data, ADX blocks unusual exfiltration patterns in real time. In effect, ADX ensures no data can leave without passing through its AI threat detection engine. For cybersecurity teams, that means even the cleverest splicing techniques produce alarms instead of lost secrets.

Schedule a demo today to see how BlackFog stops data exfiltration and data splicing in real time.