So far it turns out that every threat intelligence bot that we have seen is easily detectable as a bot. We have been submitting our URLs directly to anti-phishing companies, as well as to VirusTotal, and registering LetsEncrypt certificates to populate CT logs.
But obviously this is useful much more widely than threat intelligence. I was told that if I say it's for anti-phishing then there are 12 customers max but if it's for AI browser agents then someone will give me a billion dollars.
So if you're running/building an anti-detect bot I would love to know what you're doing, and maybe point it at our tooling, we might be able to improve your bot, you can check out our Instant Bot Test yourself at https://botforensics.com/instant-bot-test
I have a recent blog post at https://incoherency.co.uk/blog/stories/botforensics.html if you want to learn more.