Why anti-cheat is cloud gaming's biggest unsolved problem

Modern anti-cheat systems — Easy Anti-Cheat, BattlEye, Riot's Vanguard, Bungie's anti-cheat in Marathon — install kernel-mode drivers on the client machine. They sit below the operating system's protected-process boundary and watch for cheating tools in a way that user-mode programs cannot.

This is a controversial design even on a normal gaming PC. On a cloud gaming server, it gets worse: the kernel they're inspecting is not your kernel. It's a kernel running inside a virtualised environment that the cloud provider controls. Two things break.

Several major anti-cheats explicitly refuse to run inside virtual machines or detect virtualisation and flag the player as suspicious. The reason is that VMs are a common vector for cheaters — running the game inside a VM lets you read its memory from outside the kernel's protection boundary.

Cloud gaming services are, technically, VMs. NVIDIA, Microsoft, Sony and Boosteroid all run game workloads on virtualised compute. They've all built bespoke pipeline integrations with the major anti-cheat vendors to whitelist their specific deployments. But every new anti-cheat that ships needs a new bespoke integration, and the integration takes months of legal and technical back-and-forth.

A cheater on a normal PC has to install something. The anti-cheat sees it and bans them. A cheater on cloud gaming, by contrast, can read the framebuffer with anything that captures their local screen — and there's no kernel for the anti-cheat to inspect because the kernel that matters is on the cloud server, not on their device.

Aimbots that work off of capturing your screen and computing where to point exist. They're crude compared to memory-reading aimbots, but they're plausible. Cloud gaming makes this category of cheat much harder to detect because the anti-cheat has no visibility into the client side at all.

Bungie shipped Marathon in September 2026 with explicitly stated 'no cloud streaming, no exceptions' policy at launch. They are the strongest signal in the industry of a publisher prioritising anti-cheat over cloud reach.

There's a counter-argument: Marathon is a competitive extraction shooter, exactly the genre where cheating is most damaging to the game. For non-competitive titles the trade-off looks different and most publishers have allowed cloud streaming. But the precedent has now been set. If Marathon's anti-cheat track record turns out to be visibly better than its peers, expect more publishers to follow.

Three workarounds are in active development, and one is in production:

The production fix: cloud provider attestation. NVIDIA, Microsoft and the major anti-cheat vendors have a private protocol where the cloud provider cryptographically signs each session as coming from approved infrastructure. The anti-cheat trusts the signature instead of trying to detect the VM itself. This is what makes Easy Anti-Cheat games work on GeForce Now today.

In development: client-side telemetry on the player's device, separate from the game. Some anti-cheats are exploring shipping a thin agent that runs on the player's actual local device (the laptop, the phone) and reports on environmental signals to a server-side anti-cheat. We'd expect this to be controversial.

Also in development: behavioural detection in lieu of kernel detection. Server-side analysis of mouse movement, aim trajectories, reaction times. Theoretically promising, practically prone to false positives. Bungie has talked publicly about this for Marathon.

If you primarily play single-player and PvE co-op games, this is mostly an industry-baseball problem. You won't notice it.

If you primarily play competitive multiplayer shooters: the games you care most about are the games most likely to have cloud-streaming restrictions, and the situation is getting more restrictive, not less, over time. Plan for a future where some of your favourites simply aren't streamable, regardless of which cloud service you pick.

The structural problem isn't fixable in the short term. The architectures of anti-cheat and cloud gaming are fundamentally in tension. Workarounds work today, but every new anti-cheat ships with the option to revoke them.