CSRF forDisallowedAction Errors in Logs
#1

Hi there,

Throughout our error logs, we are seeing 100s of the below CSRF errors:

CRITICAL - 2022-02-24 19:49:22 --> The action you requested is not allowed.
#0 /home/system/Security/Security.php(289): CodeIgniter\Security\Exceptions\SecurityException::forDisallowedAction()
#1 /home/system/Filters/CSRF.php(53): CodeIgniter\Security\Security->verify(Object(CodeIgniter\HTTP\IncomingRequest))
#2 /home/system/Filters/Filters.php(173): CodeIgniter\Filters\CSRF->before(Object(CodeIgniter\HTTP\IncomingRequest), NULL)
#3 /home/system/CodeIgniter.php(386): CodeIgniter\Filters\Filters->run('controller...', 'before')
#4 /home/system/CodeIgniter.php(320): CodeIgniter\CodeIgniter->handleRequest(NULL, Object(Config\Cache), false)
#5 /home/public/index.php(37): CodeIgniter\CodeIgniter->run()
#6 {main}

It looks like this is the SecurityException being thrown from the Security.php class:

// Do the tokens match?
if (! isset($token, $this->hash) || ! hash_equals($this->hash, $token)) {
    throw SecurityException::forDisallowedAction();
}

We have manually tested our forms a number of times and cannot reproduce the logged errors. If the tokens do not match, then perhaps it's some kind of bot or attack, but in that case, why handle this by hammering the logs with these errors/exceptions?
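One way to make these entries actionable, as an added example that is not CodeIgniter's own code: a verifier with the same match rule as the snippet above that reports which precondition failed (no token in the request, no hash in the session, or a mismatch), so a burst of missing-token entries from scripted POSTs can be told apart from users whose session expired on a form. csrfCheck and CsrfResult are hypothetical names; csrf_test_name is CodeIgniter's default token field name.

```php
<?php
// Added example, not CodeIgniter's code: same match rule as Security.php,
// but the outcome is a reason string instead of a thrown exception, so the
// caller can decide what (and how loudly) to log. Names are hypothetical.
declare(strict_types=1);

final class CsrfResult
{
    public const OK         = 'ok';
    public const NO_TOKEN   = 'no_token_in_request'; // field absent: scripted POST or scanner
    public const NO_SESSION = 'no_hash_in_session';  // session expired or missing
    public const MISMATCH   = 'token_mismatch';      // both present but different: stale tab, replay
}

/**
 * @param array<string,mixed> $post  request body (e.g. $_POST)
 * @param string|null         $hash  hash stored in the session for this user
 */
function csrfCheck(array $post, ?string $hash, string $field = 'csrf_test_name'): string
{
    $token = $post[$field] ?? null;
    if (!is_string($token) || $token === '') {
        return CsrfResult::NO_TOKEN;
    }
    if ($hash === null || $hash === '') {
        return CsrfResult::NO_SESSION;
    }
    // Constant-time comparison, exactly as the framework does it.
    return hash_equals($hash, $token) ? CsrfResult::OK : CsrfResult::MISMATCH;
}

// Constructed sample requests covering each outcome.
$sessionHash = bin2hex(random_bytes(16));
$cases = [
    'legit form'      => [['csrf_test_name' => $sessionHash], $sessionHash],
    'scripted POST'   => [['email' => 'x@example.com'], $sessionHash],
    'expired session' => [['csrf_test_name' => $sessionHash], null],
    'stale tab'       => [['csrf_test_name' => bin2hex(random_bytes(16))], $sessionHash],
];
foreach ($cases as $label => [$post, $hash]) {
    printf("%-16s %s\n", $label, csrfCheck($post, $hash));
}
```

Counting the reason strings over a day of logs answers the question in the post: a flood of no_token_in_request with no matching session hash is automated traffic and can be logged at a lower level or rate-limited, while no_hash_in_session points at real users and a session lifetime worth revisiting.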


Messages In This Thread
CSRF forDisallowedAction Errors in Logs - by stresbiz - 02-24-2022, 07:02 PM