The AntiSpoof extension blocks usernames that use certain Unicode ranges, are all letters or punctuation, usernames that "l0ok l1ke" existing usernames, etc. But MediaWiki only hooks into it *while* it is creating a new user account (with the AbortNewAccount hook). Because MW does not run a hook on User::isValidUserName() or variants like User::getCanonicalName('creatable'), there is no way for a validating account creation form to check if a username will be rejected by AntiSpoof before the user submits it. This reduces the effectiveness of the improved account creation that the E3 team is exploring.
The simplest fix is to introduce a new isUsableUsername hook that User.php runs from User::isUsableName(), and adapt AntiSpoof (and similar extensions like Minimum Name Length extension, etc.) to respond to it with similar code to its AbortNewAccount hook.