@ weblou – If you want to allow the zavier user agent then yes you would use RewriteCond %{HTTP_USER_AGENT} !^(zapier)$ [NC,OR]. Also you would use your website domain name instead of the ait-pro.com domain name in this line of code: !^.*your-website-domain-name-here.com.* [OR]
The malformed request to the xmlrpc.php file has a blank user agent and the Server protocol is HTTP/1.0. Both of these things indicate this a spammer or hacker sending bad requests. ie the hacker or spammers code is broken so it cannot be used to do any harm to your website.