diff --git a/nonebot/adapters/cqhttp/bot.py b/nonebot/adapters/cqhttp/bot.py
index 2f9b6fc8..ee29e903 100644
--- a/nonebot/adapters/cqhttp/bot.py
+++ b/nonebot/adapters/cqhttp/bot.py
@@ -14,7 +14,7 @@ from nonebot.message import handle_event
 from nonebot.adapters import Bot as BaseBot
 from nonebot.exception import RequestDenied
-from .utils import log
+from .utils import log, escape
 from .message import Message, MessageSegment
 from .event import Reply, Event, MessageEvent, get_event_model
 from .exception import NetworkError, ApiNotAvailable, ActionFailed
@@ -419,6 +419,7 @@ class Bot(BaseBot):
 - ``NetworkError``: 网络错误
 - ``ActionFailed``: API 调用失败
 """
+ message = escape(message) if isinstance(message, str) else message
 msg = message if isinstance(message, Message) else Message(message)
 at_sender = at_sender and hasattr(event, "user_id")
diff --git a/pages/changelog.md b/pages/changelog.md
index f56f38d5..b4b07361 100644
--- a/pages/changelog.md
+++ b/pages/changelog.md
@@ -11,6 +11,7 @@ sidebar: auto
 - 修复部分非法 CQ 码被识别导致报错
 - 修复非 text 类型 CQ 码 data 未进行去转义
 - 修复内置插件为进行去转义,修改内置插件为 cqhttp 定制
+- 出于**CQ 码安全性考虑**,使用 cqhttp 的 `bot.send` 或者 `matcher.send` 时默认对字符串进行转义
 ## v2.0.0a7
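Review bot: In the `@@ -419,6 +419,7 @@` hunk of `bot.py`, the added `escape(message)` line protects only bare `str` arguments, and nothing at the call site says so: a `Message` or `MessageSegment` passes through unchanged, so a plugin that builds `Message(user_text)` itself from untrusted input presumably still has any CQ codes in that text parsed. I would add a comment above the line, e.g. `# str input is treated as plain text and escaped so user-supplied "[CQ:...]" is not interpreted as a CQ code; pass Message/MessageSegment to send CQ codes deliberately`, and state the same in the `message` parameter entry of the docstring that ends just above the added line. The method's signature and the rest of its body are outside the hunk, so whether the escaped text is unescaped again when `Message(message)` builds the text segment cannot be confirmed from here; a regression test sending a string that contains `[`, `]`, `&` and `,` would pin that down.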