Comment by lucideer
4 years ago
Consoles have fewer anti-cheat bypasses for a number of reasons, mostly related to obscurity, not security. The relative scarcity of gamers running homebrew-ed consoles makes developing bypasses of limited appeal. There's also a cultural difference, where gamers with an interest in mods, etc. will tend to gravitate toward PC as a platform, since it's a multi-use platform. There's still plenty of AC bypass on consoles, just significantly less.
A similar example outside of gaming is Linux as an OS platform: antivirus software isn't a big thing, despite Linux being continuously behind bigger desktop OSes with their security mitigations (e.g. things like strong ASLR). It's less of a concern, not because Linux is more secure, but just because desktop applications there aren't a large target market for malware, and because of large cultural differences in usage.
On the other hand, AC bypasses on PC happen not because of a lack of console-esque hardware mitigations, but simply because software AC is not particularly advanced (yet). Popular AC solutions tend to employ non-engine-specific solutions that match known cheat signatures - bypasses inject cheat DLLs and hope they don't get caught "too often", rather than using in-engine verification of non-cheat behaviours. I think this is primarily just an issue with software maturity and likely to solve itself over time. The general non-gaming software space has gone through similar evolution, whereby we used to rely heavily on signature matching on malware, and have evolved toward a more integrated "zero trust" approach to mitigating threats - signature-matching still exists for things like software-composition analysis, but in general is not a primary mitigation strategy for runtime security.
> the only way to hide the code to prevent cheating is to physically embalm it into the CPU, in a way that, if physically accessed, will break the machine, rendering the effort fruitless.
> PCs are going that way, the way GPUs are containing more "black box" mechanisms themselves.
Hiding code has historically never succeeded in preventing anything. The trend toward black-box is about a combination of corporate IP protection, vendor lock-in (see also the Apple T2 SoCs) and almost certainly APT actors (disclaimer: speculation). It's not about security, least of all anti-cheat.