Why do you say they are logged with an *invalid* IP? I think that is the private network segment used inside WMF's network, and with IABot running on WM cloud services, it seems reasonable for this IP to be used.

@ST47's comment indeed sounds correct as Cloud VPS (and Toolforge) currently use the 172.16.0.0/21 network for internal addressing and requests to the wikis. I van't verify without seeing the paste though.

Maybe I am misunderstanding the situation then. Does IABot somehow log in as a user and do edits on their behalf?

Yes. It uses OAuth to perform edits with a user's account.

In T296134#7518623, @Huji wrote:

However, do you happen to know why we are allowing Cloud to access WMF production servers via internal IP? As opposed to a public IP?

Historical reasons that are very hard to change... T209011: Change routing to ensure that traffic originating from Cloud VPS is seen as non-private IPs by Wikimedia wikis