My understanding is that the service (in this case, twitter) pays the phone companies for a continuously updated database of real, legitimate cellphone numbers. So twitter should make you use a cell # tied to your account and occasionally verify it with you. That should prevent new bots from signing up, unless they can afford to have a real cell # for every bot account.
I've never heard of it done this way, even for services whose business IS multifactor authentication (e.g. Duo). Do you have any resources on that?