The Field Guide

“Undetected” is a product

The cheat market's best-selling feature is not the aimbot. It is the word undetected, sold by subscription and restocked after every patch. That one fact settles an argument the whole community keeps having: a clean game is not something detection can promise. It is something a player can show.

Every player has asked it after a bad beat: was that fair? There are only two ways to answer. You can try to catch everything that is wrong, or you can prove what was right. Almost all of anti-cheat is the first.

This is about why the second is the one that actually settles it.

Catch what is wrongDetection

Scan for the cheat and punish it. The whole industry runs on this.

  • Runs after the cheat ships, so there is always a window it has not seen yet.
  • Can be forged: a spoofed fingerprint, a fresh account, a build sold as undetected.
  • Can misfire: honest players are caught in the same net, with no way to prove they were clean.

So “not caught” only ever means not caught yet.

Prove what is rightProvenance

Keep a verifiable record of how the game was actually played.

  • Built as you play, so it is never chasing a move already made.
  • Nothing to forge: the record either exists and checks out, or it does not.
  • Nobody to wrongly condemn: it shows what you did, not a guess about what you are.

So “clean” becomes something you can show, not something you hope for.

01

The word they actually sell

Walk up to the cheat market and look at what is actually priced. The aimbot is not really the product. The product is the promise attached to it: undetected. It is sold the way software-as-a-service is sold, by subscription, with the expectation that it keeps working, and it is quietly rebuilt after each game patch so the promise holds. You are not buying an aim; you are renting a head start on the people trying to catch you.

We do not have to take a seller's word for this, and this guide never does. The shape of that business is written into a court record. In Activision's case against the cheat operation EngineOwning, a United States court entered a default judgment of roughly 14.5 million dollars and handed the operation's own domain to Activision. The filings describe exactly what was being sold: tiered subscriptions, a few euros for a few days up to tens of euros for a few months, for cheats marketed as undetected. A court record, not a marketer, is what establishes the model.

“Undetected” is something you can buy. Everything else in this entry follows from that.

02

The market is a mirror

Here is the useful way to read a cheat market, and it does not require buying anything or even naming a store. Treat it as a mirror held up to anti-cheat. Every product line on it is the reflection of a blind spot. If a whole category exists and sells and restocks, that category is a thing detection has not closed.

Read at that altitude, the catalog is not a shopping list, it is a map of limits. There is hardware that reads game memory from a second device the anti-cheat cannot see. There are setups that run the cheat on a separate machine entirely, so nothing suspicious ever touches the one being watched. There are the fingerprint spoofers that undo a hardware ban. Name the categories and stop there. The point is not how any of it works. The point is that the mirror shows detection has edges, and always will.

This cuts cleanly through two loud and opposite claims. It deflates “kernel anti-cheat is spyware that sees everything you do,” because a whole market lives and sells in the places it cannot look. And it deflates “if the anti-cheat is on, cheating is impossible,” because the mirror is a catalog of what gets past it. Both myths die on the same piece of evidence.

03

Why “not caught” is not “clean”

Detection is a trailing thing by its very design. A new cheat ships, and for a while it is undetected because no one has caught it yet. Eventually a sample is found and a signature is written and the door closes, and the seller ships a new build, and the window opens again. That loop never reaches zero. It cannot, because the defender is always responding to a move already made.

Which means the absence of a ban is the absence of a catch, and nothing more. “The anti-cheat is running” and “nobody in that match got banned” are real facts, but they are not proof that the game was clean. They are the quiet in between the catches. It is the same principle this whole Field Guide is built on, turned around to face the guardians instead of the software they watch: presence is not proof. A driver being present does not convict it, and an anti-cheat being present does not acquit a match.

04

Every verdict gets forged or hits the wrong person

If catching cannot certify a clean game, the honest hope is that the punishments at least land true. But look across the mechanisms and a near-law appears: a trust system built on a verdict is either forged by the people it targets or it misfires onto the people it does not. Usually both.

  • Hardware bansforged

    A ban keyed to your machine's fingerprint is meant to be permanent. Fingerprint spoofers, sold alongside the cheats, reset it for a fee, which is why the same seller offers both.

  • Phone verificationforged

    Tying an account to a phone number raises the cost of a new one. A resale market in numbers lowers it again. The gate slows the determined; it does not stop them.

  • Ban wavesmisfires

    Batching detections into a wave catches more at once, and sweeps up false positives with them. One player fought a 763-day battle to overturn a ban they did not earn, and won. The system offered them no way to simply show they were clean; they had to outlast it.

  • The crowd’s verdictmisfires

    Reports are a vote, and the vote is miscalibrated. Activision's own data has shown most Warzone cheating reports aimed at console players while nearly all detected cheaters were on PC, and a widely shared “caught on camera” case ended in exoneration once someone actually checked.

This is a verification gap, not an information gap. The trouble is not too little data. It is that the honest player has no way to prove the one thing that matters: that they played it straight.

05

The trust that worked was the trust you could see

There is a hopeful proof buried in anti-cheat's own history, and it points the way out. The enforcement system players trusted enough to staff themselves was trusted for one reason: you could examine it.

Counter-Strike's Overwatch

For years, qualified players could review the recorded evidence of a reported match and vote on it. The verdict was trusted because it was legible: you could see the same demo the reviewers saw. Valve then trained its machine-learning anti-cheat, VACnet, on those human verdicts. The automated system earned credibility because it was bootstrapped from evidence people could check.

The lesson. Proof came before reputation. The trust followed the thing you could see for yourself, not the thing you were told to believe. Sourced from Valve's own GDC 2018 talk on the system.

That is the whole move, stated once: legible beats opaque. It is also why independent researchers keep pressing on the modern alternative. A peer-reviewed analysis presented at ARES 2024 examined leading kernel-level anti-cheats and found that some of them share the defining traits of the rootkits they hunt, loading at boot, resisting inspection, watching broadly, and that this makes them hard to audit from the outside. Power you cannot inspect can only ask to be trusted. The thing that actually earned trust asked to be checked.

06

What proving makes possible

So turn the question over. If “not caught” can never mean “clean,” then stop trying to make catching carry a weight it was never built for, and give the honest player the other thing: a way to show how they actually played. A record, not a verdict. It has neither failure mode from the list above. There is nothing to forge, because the record either verifies or it does not. There is nobody to wrongly condemn, because it describes what happened rather than passing judgment on a person.

This is not a far-off idea. The market is already reaching for it, and away from pure detection. Razer partnered with World ID to give players a zero-knowledge “proof of humanity,” built so the proof itself reveals nothing about who you are. Efforts like PlaySafe ID tie one verified human to one account, held apart from your name, so a consequence follows the person instead of evaporating with a fresh account. And the appetite is there: in one 2025 industry survey of PC players, a clear majority said they would verify themselves to get a cheat-free game. The common thread is exactly the reframe: prove a property without exposing or judging the person. Real accountability, without the surveillance and without the accusation.

That is the door Vera walks through. Not a better net for catching what is wrong, but a record of how you actually played, made from your own machine and your own matches, yours before anyone thinks to ask for it. The cheat market taught the lesson without meaning to: you can buy your way out of being caught. You cannot buy your way into a true record of the game you actually played. Only playing it can do that.

How this entry is written

This entry describes an economy that harms real players and real games. It follows the Field Guide's rules, with two extra lines of care around the subject.

  • The record, never a referral. We describe how the cheat market behaves, drawn from court filings and named reporting. We name no seller, link to no store, and reproduce nothing from one. The point is what the mirror teaches, never where to find it.
  • A reference, never a how-to. We name the category of a technique the way a security advisory names a class of flaw, and stop there. We never explain how to cheat, spoof, or evade.
  • Structure, not a scare. The claim here is about how detection works, not about how many cheaters are in your lobby. We do not estimate that, because it cannot be estimated honestly, and a number nobody can check is the very thing this guide is against.
The practical thing
If you play
Read “the anti-cheat is on” for what it is: a deterrent, not a certificate. It lowers how much cheating happens; it does not prove a given match was clean. Judge a game by what it lets you see and check, not by how loudly it promises to catch.
If you compete
When your own play is doubted, an accusation is cheap and a denial is cheaper. The only answer that is not another claim is a record you can show. Keep the proof of how you played, so being believed never depends on winning an argument.
If you build
Detection is necessary and it is not sufficient. Pair it with something the player can hold: a verifiable, legible record of play, the way Overwatch's legibility earned the trust its successors struggle to. Give people a way to prove they were clean, not only a way to be caught.

The thread under all of it: a fair game should be something you can show, not something you have to be trusted about. That is the line the whole Field Guide is built along. For the anti-cheats named here, each has its own plate in the guide.

Sources
  • Activision Publishing, Inc. v. EngineOwning UG, ~$14.5M default judgment and domain transfer, and the subscription cheat model: TorrentFreak · PC Gamer
  • Counter-Strike Overwatch and VACnet trained on human verdicts (Valve, John McDonald): GDC 2018 talk
  • Wrongful ban overturned after a 763-day fight: PC Gamer · miscalibrated community reports (most target console, detected cheaters are on PC): PC Gamer · a Warzone pro cleared after a PC check: Dexerto
  • Privacy-preserving proof of humanity for gaming (Razer and World ID, no personal data): Biometric Update · players' appetite for verified fair play (PlaySafe / Atomik Research survey, n=2,013): Biometric Update
  • Peer-reviewed analysis of kernel-level anti-cheat and its auditability: ARES 2024 (ACM)
Cite this entry

Vera Project. ““Undetected” is a product.” Vera Field Guide (Field Note). The Vera Project. https://www.veraproject.xyz/field-guide/undetected