Mayank Chaudhari

One Location, Multiple Threats? Modeling Overlapping Risk Correctly

Design
#Threat Modeling#UX#Security Observability#PromptShield

When building security tooling for developers, detection is only half the battle. The other half is communication. If a security engine flags an error, how do you report it without causing alert fatigue?

This problem becomes far more complex when dealing with overlapping threats, where a single line of code or a single prompt contains multiple distinct adversarial patterns at once.

The Compound Threat Scenario

Imagine an attacker submitting the following payload in a markdown file meant for RAG ingestion:

Summarize this: [RLO] \u200C exеcutе [PDF]

This single span of text contains:

  1. BIDI Overrides: Trojan Source manipulation ([RLO] and [PDF]).
  2. Invisible Characters: A Zero-Width Non-Joiner (\u200C).
  3. Homoglyphs: Cyrillic 'е' substituting for Latin 'e'.

If your security scanner reports this as three separate, isolated errors referencing the same line number, the developer experiences massive cognitive load. They will see a wall of red text for a single logical string.

Moving to Span-Level Reporting

To solve overlapping risk, the architectural data structures of the security engine must evolve. We must move away from event-based reporting and toward span-based spatial reporting.

Instead of an array of isolated events:

[
  { "type": "BIDI", "line": 4 },
  { "type": "INVISIBLE", "line": 4 }
]

We generate a contiguous mapping of the threat surface:

{
  "startOffset": 15,
  "endOffset": 42,
  "line": 4,
  "threats": ["TROJAN_SOURCE", "INVISIBLE_CHAR_POISONING", "HOMOGLYPH_SPOOFING"],
  "severity": "CRITICAL"
}
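
One way to get from the event array to the merged span, as an added example rather than PromptShield's own code. The names `detect` and `mergeSpans`, the character classes, the `maxGap` adjacency tolerance and the HIGH rating for invisible characters are assumptions; the sample string is constructed from the payload above, so its offsets differ from the illustrative ones in the JSON.

```javascript
// Added example: hypothetical detector and span merger, not PromptShield's code.
const RANK = { LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 3 };

// Character classes are a simplified, assumed rule set.
const BIDI = /[\u202A-\u202E\u2066-\u2069]/gu;      // embeddings, overrides, isolates, pops
const INVISIBLE = /[\u200B-\u200D\u2060\uFEFF]/gu;  // zero-width characters
const WORD = /\p{L}+/gu;

// Event-based view: one isolated finding per match, like the first JSON array above.
function detect(text, line) {
  const events = [];
  const push = (type, severity, m) =>
    events.push({ type, severity, line, start: m.index, end: m.index + m[0].length });
  for (const m of text.matchAll(BIDI)) push("TROJAN_SOURCE", "CRITICAL", m);
  for (const m of text.matchAll(INVISIBLE)) push("INVISIBLE_CHAR_POISONING", "HIGH", m);
  for (const m of text.matchAll(WORD)) {
    // A word mixing Latin and Cyrillic letters is treated as a homoglyph candidate.
    if (/\p{Script=Latin}/u.test(m[0]) && /\p{Script=Cyrillic}/u.test(m[0]))
      push("HOMOGLYPH_SPOOFING", "HIGH", m);
  }
  return events;
}

// Span-based view: cluster same-line events that overlap or sit within maxGap characters.
function mergeSpans(events, maxGap = 1) {
  const sorted = [...events].sort((a, b) => a.line - b.line || a.start - b.start);
  const spans = [];
  for (const e of sorted) {
    const last = spans[spans.length - 1];
    if (last && last.line === e.line && e.start - last.endOffset <= maxGap) {
      last.endOffset = Math.max(last.endOffset, e.end);
      if (!last.threats.includes(e.type)) last.threats.push(e.type);
      // The span carries the highest severity found in the cluster.
      if (RANK[e.severity] > RANK[last.severity]) last.severity = e.severity;
    } else {
      spans.push({ startOffset: e.start, endOffset: e.end, line: e.line,
                   threats: [e.type], severity: e.severity });
    }
  }
  return spans;
}

// Constructed sample: the post's payload with [RLO]/[PDF] written as U+202E/U+202C.
const SAMPLE = "Summarize this: \u202E \u200C ex\u0435cut\u0435 \u202C";
console.log(mergeSpans(detect(SAMPLE, 4)));
```

Offsets are UTF-16 code units, which is what JavaScript string indices give; a detector reporting to an editor would need to agree with the editor's own column convention.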

UX Implications: The X-Ray Interface

In the PromptShield VSCode Extension, this span-level architecture drives the "X-Ray Mode."

When overlapping threats occur, we do not draw three different squiggly lines under the text. We dynamically merge the severity bounding boxes.

  1. Hierarchy of Severity: The UI reflects the highest-severity threat in the cluster. Trojan Source (Critical) visually overrides a lower-severity Homoglyph warning (High).
  2. Compound Tooltips: Hovering over the infected span compiles all detected vulnerabilities into a single, cohesive explanation.
  3. Atomic Remediation: When the developer clicks "Fix Content," the sanitizer must execute across the entire span at once, systematically stripping invisible characters, then neutralizing overrides, and finally normalizing the homoglyphs—preventing race conditions in the text manipulation.

[!TIP] Do not ask users to fix overlapping threats sequentially. Complex text manipulations should be handled atomically by the security engine's sanitizer, giving developers single-click remediation.

The "Boy Who Cried Wolf" Anti-Pattern

Overlapping risk models protect you against the worst-case scenario: developers ignoring your security tools.

If a security linter requires five clicks to resolve a single malicious string because of segmented reporting, developers will bypass the linter entirely. By collapsing spatial overlaps into semantic, span-based threat models, we align the tool's output with human cognitive limits. Security that is difficult to read is security that is disabled.
