Did Server-Side Anti-Cheat Kill Client-Side?
The short answer: No. And it never will.
The real answer: You need both. Always.
In the gaming industry, there’s been a growing narrative (which I also contributed to) that server-side anticheat is the future - that it’s “better” because it’s future-proof, and that client-side is “old school” and unnecessary.
It’s an appealing thought - until you actually understand what each one does.
Server-Side: The Untouchable Watcher
Server-side anticheat runs far away from the reach of cheaters. It observes player behavior, analyzes physics violations, detects impossible actions, and identifies patterns that reveal abuse. Because it understands the full context of the game, it can uncover both mechanical cheats - like aimbots, speedhacks, rapid fire, and even wallhacks - and behavioral abuse (AKA Griefing) such as AFK, camping, feeding, intentional friendly fire and chat or VOIP abuse. It’s future-proof because no matter how clever the hacker is, they can’t manipulate the server’s copy of reality.
But server-side has limits:
- It’s post-process. The abuse has to happen before it’s caught. That means the damage to the match and to the player experience is already done. It’s not a cop stopping a crime in progress - it’s a prosecutor building an airtight case after the fact - think Law & Order, but instead of months it does it in minutes.
- It’s compute-heavy. You can’t realistically analyze 100% of matches for a major AAA game. Even at 50% coverage, you’re pushing cost boundaries.
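A physics-violation check of the kind described above, run post-process over recorded position telemetry. This is an added example, not code from the article or from any anticheat product; the speed limit, tolerance, streak length and the `Sample` fields are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from math import dist

# Assumed tuning values (hypothetical, not from the article).
MAX_SPEED = 7.0    # fastest legitimate movement, metres per second
TOLERANCE = 1.15   # headroom for lag compensation and tick jitter
MIN_STREAK = 3     # consecutive over-speed intervals needed to flag

@dataclass
class Sample:
    t: float                  # server receive time, seconds
    x: float
    y: float
    teleported: bool = False  # server-sanctioned jump (respawn, portal)

def speed_violations(track):
    """Return (start_t, end_t, peak_speed) for each sustained over-speed run."""
    findings, streak = [], []

    def close():
        if len(streak) >= MIN_STREAK:
            peak = round(max(s for _, _, s in streak), 2)
            findings.append((streak[0][0], streak[-1][1], peak))
        streak.clear()

    for prev, cur in zip(track, track[1:]):
        dt = cur.t - prev.t
        if dt <= 0 or cur.teleported:  # out-of-order sample or legitimate jump
            close()
            continue
        speed = dist((prev.x, prev.y), (cur.x, cur.y)) / dt
        if speed > MAX_SPEED * TOLERANCE:
            streak.append((prev.t, cur.t, speed))
        else:
            close()
    close()
    return findings

# Constructed telemetry for one player: (t, x, y[, teleported]).
CONSTRUCTED_TRACK = [Sample(*s) for s in [
    (0.0, 0.0, 0.0), (0.5, 3.0, 0.0), (1.0, 6.5, 0.0),      # legitimate pace
    (1.5, 12.5, 0.0), (2.0, 18.5, 0.0), (2.5, 25.5, 0.0),   # sustained 12-14 m/s
    (3.0, 28.5, 0.0), (3.5, 80.0, 0.0, True),               # respawn, ignored
    (4.0, 83.0, 0.0), (4.5, 93.0, 0.0), (5.0, 96.0, 0.0),   # one-interval lag spike
]]

if __name__ == "__main__":
    print(speed_violations(CONSTRUCTED_TRACK))
```

Requiring a streak rather than a single bad interval keeps one-off lag bursts from producing false positives, at the cost of only flagging the abuse after it has already run for several intervals.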
Client-Side: The Real-Time Shield
Client-side anticheat lives where the action happens - on the player’s machine. It can detect and block memory reads/writes, file tampering, and injected code in real time. That means cheats are stopped before the bullet is fired, before the wall is clipped through, before the player even realizes they were caught.
Yes, it can be bypassed, because it’s on the hacker’s turf. But when it works (and it often does), it stops the majority of low-to-mid sophistication attacks dead in their tracks.
The Two-Layer Defense
Think of it like a missile defense system:
- Iron Dome stops short-range rockets - the ones that are the most common and cause the most frequent harm.
- Arrow 3 handles the less common but devastating long-range missiles that bypass the first layer.
In anticheat:
- Client-side is your Iron Dome - stopping the majority of everyday cheating attempts instantly and preventing game file and memory corruption.
- Server-side is your Arrow 3 - catching the sophisticated threats that breach the first layer (preferably, after minutes of the abuse) and doing so in a way that hackers can’t erase.
Why ‘One or the Other’ Is a Dangerous
If you only rely on server-side, you’re letting every attack happen first and hoping you catch it after. If you only rely on client-side, you’re betting that your defense will never be bypassed - which it will.
Together, the synergy is massive:
- Client-side keeps the overall cheating volume down while feeding the server side with insights on players, helping it get smarter.
- Server-side focuses on analyzing a smaller pool of suspicious activity in detail - reducing cost and improving accuracy, while also detecting toxic players that do not need to hack the game in order to be abusive.
This isn’t redundancy. It’s strategy.
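One way to spend a limited server-side analysis budget using client-side signals, as an added example that is not from the article or any product. The `client_flags` field, the match IDs and the 20% random baseline share are assumptions; the baseline exists because client-side detection can be bypassed, so matches with no client flags still need some server-side coverage.

```python
import random

def pick_matches_for_review(matches, budget, baseline_share=0.2, seed=0):
    """Split a review budget between client-flagged matches and a random baseline.

    matches: list of {"id": str, "client_flags": int}; client_flags is the
    number of client-side detections reported in that match (hypothetical).
    Returns (targeted_ids, baseline_ids).
    """
    if budget <= 0:
        return [], []
    rng = random.Random(seed)  # seeded so a selection can be reproduced
    baseline_n = max(1, int(budget * baseline_share))

    # Most-flagged matches first; ties broken by id for a stable order.
    flagged = sorted((m for m in matches if m["client_flags"] > 0),
                     key=lambda m: (-m["client_flags"], m["id"]))
    targeted = [m["id"] for m in flagged[:budget - baseline_n]]

    # Everything not targeted is eligible for the baseline, including
    # matches where the client-side layer saw nothing at all.
    rest = [m["id"] for m in matches if m["id"] not in targeted]
    # Unused targeted slots fall through to the random baseline.
    baseline = rng.sample(rest, min(budget - len(targeted), len(rest)))
    return targeted, sorted(baseline)

# Constructed sample: ten matches, three with client-side detections.
CONSTRUCTED_MATCHES = [
    {"id": f"m{i:02d}", "client_flags": flags}
    for i, flags in enumerate([0, 1, 0, 5, 0, 0, 0, 2, 0, 0])
]

if __name__ == "__main__":
    print(pick_matches_for_review(CONSTRUCTED_MATCHES, budget=5))
```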
Final Words
Server-side didn’t kill client-side. It completed it.
The smartest studios already know: the future of fair play isn’t about picking sides - it’s about layered defense. Because in the war on cheating, you don’t bring one weapon. You bring the whole arsenal.
Substantial Group•189 followers
7mo
A lot of people (players) have this general idea that an anti-cheat is there to solely prevent cheating, but there’s a hidden game of economics under it all that isn’t obvious to most people. The ultimate goal of any purpose-built client-sided anti-cheat (e.g. Vanguard) isn’t to prevent cheating, but rather to raise the cost to cheat and make it less affordable, and by doing so, making it less popular and significantly thwarting the damage it can do to communities. The economics are similar to that of captchas on web forms. If not for captchas, bots and scrapers can freely do what they want for only the cost of the infrastructure they run on. But with a captcha challenge, they then also need to pay fees for each captcha solved by a service that does so. It’s similar to cheating in online games because there’s also a cost to implementing and maintaining anti-cheats and all of the supporting infrastructure around them. It’s always been a game of cat and mouse (this is the famous saying in this space after all) and the space is only going to get more interesting as cheating methods become more obscure and harder to catch, while server-side anti-cheat evolves to detect more anomalies and more accurately.
Vontier•10K followers
7mo
Good post, thanks for sharing. In UE5 I use server rendering (RPCs) to call functions from client to server and select which function will run on the Server or Client and which one to run as Multicast. That prevents some hacking, but I believe everything is hackable: if the hacker understands the functions, he can manipulate the data coming from the server to the client. For example, if I set the Shift key to Sprint (500Speed) and it runs as Multicast (everyone will see my actor run 500Speed), they can manipulate it by hacking the server functions; if it was on the client, they would just decompile the game folder and adjust the speed manually.
Getgud.io•8K followers
7mo
Big thanks to Martin Hedlund for the insight that sparked this shift in thinking.