AI is not mentioned. Besides, service accounts are not bots.
The collection provides a structured approach to self audit the security practice regarding non-human identities. The recent CCC showcased breach of a VW connected car repository based on the exploitation of those NHI.
I agree. A bot is a program or an application that provides some sort of functionality that appears automated or autonomous in some way. A service account could be the primary identity of a bot, but that doesn't make it a bot.
The collection provides a structured approach to self audit the security practice regarding non-human identities. The recent CCC showcased breach of a VW connected car repository based on the exploitation of those NHI.