This tweet mentions a tricky WAF bypass for reflected XSS. Unfortunately, no specific vendor is mentioned. It would be helpful to provide more technical details in order to analyze and understand the bypass better.
For more insights, check out the original tweet here: https://twitter.com/40sp3l/status/1911482974199029784