diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index d6794b1..904a446 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -1760,7 +1760,10 @@ calculate_threat_scores() {
         fi
 
         score=0
-        req_count=${ip_request_counts[$ip]:-0}
+        req_count=0
+        if [ -n "${ip_request_counts[$ip]}" ]; then
+            req_count=${ip_request_counts[$ip]}
+        fi
 
         # IMPROVED: Base request volume scoring
         # Skip volume scoring for legitimate bots (Google, Bing, etc.)
@@ -1776,7 +1779,10 @@ calculate_threat_scores() {
         # NEW: Success rate analysis bonuses
         # High failure rate (80%+ 404/403) = scanning behavior
         if [ -n "${scanner_ips[$ip]}" ]; then
-            fail_rate=${scanner_ips[$ip]:-0}
+            fail_rate=0
+            if [ -n "${scanner_ips[$ip]}" ]; then
+                fail_rate=${scanner_ips[$ip]}
+            fi
             if [ "$fail_rate" -ge 90 ]; then
                 score=$((score + 8))  # Very high failure rate
             elif [ "$fail_rate" -ge 80 ]; then