If the bot transcribes anything GDPR considers personal data and then emails it out you're already in breach. Simply someone telling their phone number to another participant over the call would result in a violation.
It wouldn't be in breach. otherwise, you sending an email with someone's email/phone number via gmail in it would cause Google to breach it. That would be on the software user. If you use somewhere that to breach GDPR, the software provider is not liable for how the user uses it.
If you tell the software to do something that is a breach, or used it when you could reasonably be expected to know it would behave in such a way, then yes you are responsible.
If, for custom software/configuration, you specify software to do something automatically that is a breach, then yes also.
If the software does it without your instruction, especially if you explicitly opted out, that is in beach, then the service responsible for the software may be liable instead.
How enforceable this is, is a different discussion…
If the software is transcribing and sending emails without the user's awareness, much less permission... then the responsibility must rest with the software. Software isn't responsible for my deliberate decisions, but it is responsible for anything it does without consulting me.
How many times has a user said they didn't configure something that way and when you checked they did and they were thinking about a different setting for something else? Realisitically, it's actually the most likely thing that happened.
And he did have it configured to send out emails. So that part is true.
If you made a draft email with those details, then GMail sent that draft without your authority then they too would be in breach, albeit unwittingly. That seems like a reasonable analogy to what happened in the OP, assuming it was a bug and not some 'growth hacking' plan as others have speculated.