Client <-> Server architecture can still take you a long way. Culling what you send to the client and relying less on client-side "hiding" of state, server authoritative actions with client-side prediction, etc.
At the end of the day someone could be using hardware "cheats" but you can get down to a pretty good spot to stop or disincentivize cheaters without running rootkits on their devices.
You don't need a "hardware cheat"; just a program that reads the memory representation of stuff. This is nothing new and already how many cheating tools work, and is exactly what all these anti-cheating things are designed to prevent.
Even having CE installed on your machine - or software like IDA or Olly back in the day - is enough for some games to immediately permaban you. In some cases, having virtualization enabled and having VM software on disk (VMware, wsl2, etc.) can trip up some anticheats.
The average player isn't a developer and doesn't need such things, so some game devs defer to the side of caution. The false positives are a miniscule and acceptable fraction of players.
Latency significantly reduces the effectiveness of culling via the server. There will always be a place for client side anti-cheat if games are running on players' computers.
Funnily, for example, using GeForce Now prevents almost all kind of cheats. Maybe the future of the competitive gaming is that you only use remote client for remote server which is hosted by the game company.
Yes, but even some cheats are possible through streaming. Basic things like scripted no-recoil all the way to aimbots based on image recognition. People are even using AI to recognize and highlight players on your screen - and even some built into monitors!
There are hardware cheating setups that utilize an external camera+device with basic image recognition and spoof a normal mouse over USB. From software's perspective, all you see on the client side is normal mouse inputs from a Logitech or razer mouse.
At the very least, this is less capable than wallhacks from reading memory.
Yes, it is true that you can use optics still, but everything memory related is always much more effective and can completely prevented. No need to use rootkits.
I would say that it takes few years still before people have good enough hardware before AI can be used in real-time. You can use OpenCV and train things against specific game to get a decent performance with image recognition, but it is not that reliable.
At the end of the day someone could be using hardware "cheats" but you can get down to a pretty good spot to stop or disincentivize cheaters without running rootkits on their devices.