Riot Games is aggressively dismantling the multi-million dollar video game cheating industry by deploying its kernel-level Vanguard anti-cheat system, which has reduced cheating in Valorant ranked matches to under 1% globally as of early 2025.
Cheating in video games has evolved from a hobbyist pursuit into a lucrative, professionalized black market. To combat this, developers are increasingly turning to kernel-level anti-cheat solutions. These systems operate with the highest privileges in the Windows operating system, allowing them to monitor machine processes in real-time. Among the most effective is Vanguard, the engine behind Riot’s League of Legends and Valorant.
Phillip Koskinas, Riot’s director and head of anti-cheat, describes his role as an “anti-cheat artisan” dedicated to a singular mission: purging cheaters from the ecosystem. By forcing cheat software to become visible, Vanguard allows the team to ban thousands of players daily.
Strategic Warfare: Discrediting Cheat Developers
Riot’s anti-cheat strategy goes beyond simple detection. Koskinas employs a “reconnaissance arm” that infiltrates cheat communities using undercover identities. By gaining credibility within these circles, Riot operatives can analyze upcoming threats, wait for them to launch, and then execute mass ban waves that leave cheat developers humiliated and financially damaged.
“We can just make them look like fools,” Koskinas notes. By publicly leaking screenshots or banning their entire customer base, Riot effectively destroys the “premium reputation” these developers sell to high-end clients. The team also uses hardware fingerprinting to identify repeat offenders, ensuring that even if a cheater buys a new account, their device remains blacklisted.
The Escalating Arms Race: DMA and Screen Readers
Most cheaters use “rage cheats”—cheap, easily detectable software. However, a more sophisticated tier of cheaters utilizes “external” hardware-based exploits. These include Direct Memory Access (DMA) attacks, where specialized PCI Express cards bypass the game’s security by exfiltrating memory to a second computer. This secondary system can then generate a “radar” or use HDMI fusers to overlay wallhacks directly onto the player’s main screen, granting them what amounts to supernatural awareness.
Another common tactic is the screen reader, which uses AI to identify targets and then sends automated signals to an Arduino-based device to control the mouse, creating a perfect aimbot. Koskinas admits that while these are difficult to catch, they eventually fail because the inhuman precision of the bots makes them stand out against standard human playstyles.
The Future and Transparency
Riot remains vigilant about the integration of AI, which can now be trained to recognize in-game colors and patterns to trigger actions automatically. Despite the privacy concerns inherent in kernel-level access, the company insists this is the only way to maintain a fair competitive environment.
To build trust with the community, Koskinas is increasingly prioritizing transparency. By releasing detailed developer logs and engaging in public discourse, the team hopes to explain how they leverage system privileges to protect the integrity of their games. As Koskinas puts it, “We’re not telling you what’s under the hood, but we’ll tell you almost anything else.”
Leave a Reply