The tweet mentions that by prefixing the SQLi payload with JSON syntax, the WAF can be bypassed. This technique can be effective in certain scenarios where the WAF rules may not detect the SQL injection due to the JSON formatting. It's important for WAF administrators to be aware of this evasion technique and adjust their security measures accordingly.
Check out the original tweet here: https://twitter.com/mmffkkdd/status/1895087978747404356