Yes and it's hard to detect true bots (I mean automated processes that do not just follow links like wget) because even a simple curl call can spoof its signature and become "human" from an external observer.

So its both ways :

• on one side you have users that may interact with tools that will cause the traffic to be labelled as "bot".
• on the other side even simple scripts (bots) can alter their behavior to make it look like they are humans (added noise and delays to mouse cursor position, randomizing ips, using various user agents, etc...) and be labelled "human".