Bots are officially sanctioned as such and have an application ID in the developer console as well as a label in the client. Alternatively, nothing's stopping someone from taking a user account's authentication token and making the same calls, but that's against TOS (Discord calls them selfbots). The KYC they use won't protect against this kind of abuse.

Not to mention the possibility of a widely deployed moderation bot being used to attack the servers/channels they're running on, en masse.