Client <-> Server architecture can still take you a long way. Culling what you send to the client and relying less on client-side "hiding" of state, server authoritative actions with client-side prediction, etc.
At the end of the day someone could be using hardware "cheats" but you can get down to a pretty good spot to stop or disincentivize cheaters without running rootkits on their devices.
You don't need a "hardware cheat"; just a program that reads the memory representation of stuff. This is nothing new and already how many cheating tools work, and is exactly what all these anti-cheating things are designed to prevent.
If you try to read memory nowdays the naive way, with cheatengine for exaple, you will get banned in any online videogame.
Even having CE installed on your machine - or software like IDA or Olly back in the day - is enough for some games to immediately permaban you. In some cases, having virtualization enabled and having VM software on disk (VMware, wsl2, etc.) can trip up some anticheats.
The average player isn't a developer and doesn't need such things, so some game devs defer to the side of caution. The false positives are a miniscule and acceptable fraction of players.
Latency significantly reduces the effectiveness of culling via the server. There will always be a place for client side anti-cheat if games are running on players' computers.
Funnily, for example, using GeForce Now prevents almost all kind of cheats. Maybe the future of the competitive gaming is that you only use remote client for remote server which is hosted by the game company.
loading story #42002175
loading story #42006163