A static threshold might not be great depending on the group size. For instance, 200 members could be an entire group if it’s small enough, and a large group may exile well over 200 bots a day. I don’t think % would work well either, because a group that’s accumulated 500,000 members over the years may only have 10,000 or so active users, which is only 2% versus 2% in a 200-member group being 4 accounts.
Preventative measures are great, but I don’t think we’ll ever be able to stop all incidents of this, so we need to be capable of reactive responses. For instance, any user that is exiled is put in an internal “pending exile” rank for a day. Users in this state can leave the group if they need space, but otherwise they are in limbo. During this time, anyone with exile permissions can undo the action and add them back to the group with their previous role. All incidents of admin abuse I’ve seen are caught fairly quickly, so this should be enough to undo it whenever it happens.