The tweet mentions a bypass using the payload 'exercises but brute gym' for CDN WAFs like Akamai. This bypass seems to be effective in understanding the WAF's protection. However, it raises the question of how to prove if the reflected part is bypassing the alert, especially if some vulnerabilities have been patched. Security researchers should validate the effectiveness of the bypass and ensure that it works as expected.
For more insights, check out the original tweet here: https://twitter.com/MiniMjStar/status/1863307288670339465