John McDonald, then an engineer at Valve and now a programmer there having spent over 12 years at the company, presented this talk at GDC in March 2018, walking through how Valve built VACNet, a deep learning system designed to detect cheating in Counter-Strike: Global Offensive. The talk covers the motivation behind the project, the data pipeline that made it possible, the infrastructure needed to run it at scale, and the design principles that made it durable against adversarial adaptation.

This article focuses specifically on the anti-cheat architecture. Think of it as a case study in applied deep learning for a live, adversarial environment, with lessons that apply to any multiplayer game with a cheating problem.

One note on timing: this talk predates Counter-Strike 2, which replaced CS:GO as the live game in September 2023. Where relevant, we'll note how the system has evolved since.

The Treadmill: Why Valve Wanted Off It

Traditional anti-cheat is manual rule-writing. An engineer identifies a cheat, writes a detection, ships it, and bad actors route around it. Then you do it again. McDonald had a name for this: "the treadmill of work." Valuable work, he acknowledged, but a commitment with no finish line.

CS:GO made this worse than most games. Around 75–80% of its codebase was unchanged from Half-Life 2, meaning a cheat written in 2005 for Half-Life 2 deathmatch would still work on CS:GO with roughly five to ten minutes of modifications. The attack surface was enormous. And every public disclosure of a detection technique immediately invalidated it. Cheat developers were watching, and the method would stop working before the conference stream ended.

McDonald described the pitch to Valve in 2016 this way: humans watching matches can tell that cheating is occurring. They're detecting a pattern. Deep learning is very good at detecting patterns. If you have enough labeled examples of inputs (match data) and outputs (verdicts), you can train a model to map one to the other. Engineers writing traditional anti-cheat were effectively writing that mapping by hand. Deep learning could build it automatically. The trade: data and compute for engineering time. At Valve, they were perpetually short on engineers and had plenty of both.

The Unlock: Your Labeled Data May Already Exist

The central question in any supervised deep learning project is where the training data comes from. Building a labeling pipeline from scratch is expensive and slow. Valve had a shortcut hiding in plain sight.

CS:GO had been running a peer-review anti-cheat system called Overwatch since 2012. Trusted players were assigned cases (an anonymized eight-round demo from a flagged player) and asked to vote on whether cheating had occurred. Verdicts required roughly 99.8% confidence as measured by a Naive Bayes model over juror votes. In practice, convictions typically reached five nines of certainty. Jurors were extremely careful, operating under a "beyond a reasonable doubt" standard.

That system had been running for years. Without anyone explicitly designing it as such, it had become a large database of labeled training examples: demo files paired with human verdicts. They had X and Y. They just hadn't used them yet.

The lesson is worth sitting with. Before investing in a labeling pipeline, it is worth asking whether your game already has a labeled dataset somewhere that you haven't recognized as such. Moderation queues with resolved outcomes, player reports with confirmed bans, peer-review systems. These may be training data in disguise.

Trust Score: Limiting Blast Radius

Before VACNet, Valve had built a separate tool for the cheating problem: Trust Score, launched in 2016. It deserves its own section because it solves a different problem.

Trust Score is a model trained on how players interact with CS:GO and the broader Steam platform, and it predicts the likelihood of a future ban. That score feeds into matchmaking as an additional signal alongside skill and map preferences, clustering players with similar trust levels together.

McDonald was direct about what Trust Score does and doesn't do: it "doesn't reduce the rate of cheating," he said. It reduces "the blast radius." Honest players encounter cheaters far less often. Suspected bad actors get sorted into lobbies with each other. The cheaters are still in the game; they're just not in your match.

As a design pattern, this is a useful distinction. Catching and banning cheaters is one lever. Limiting who they can affect while detection and banning happen is another. They operate independently and both contribute to the player experience.

The Real Work Is Data Engineering

McDonald used a food analogy that stuck: deep learning is the meat grinder. Your raw game data is the cow. The actual work is turning the cow into uniform, correctly sized inputs the grinder can process. That's where almost all the effort lives.

He estimated the breakdown at 95% data engineering, roughly 1% model training, and 4% everything else. And crucially, the data engineering is standard engineering work. Parse the replay files. Extract per-shot features. Build fixed-size, consistently structured input sequences. None of it requires deep learning expertise. It is just pipeline work at scale.

For VACNet specifically, each input unit represented a single shot and contained: the weapon used, the shot outcome (headshot, hit elsewhere, or miss), target distance if a hit occurred, and delta view angles (the frame-by-frame change in both vertical and horizontal aim from half a second before the shot through a quarter second after). The model consumed sequences of 140 consecutive shots drawn from an eight-round window and predicted the probability a juror would convict.

The specific parameters (140 shots, the half-second and quarter-second windows) were chosen without strong analytical justification. "Sort of purely capriciously," as McDonald put it. The model does not care about the exact values. What matters is that the structure is consistent every time.

Keeping Humans in the Verdict Loop

VACNet was not built to ban players. That distinction shaped the entire architecture.

The system watches matches, identifies players it believes are cheating with high confidence, and submits those as cases to Overwatch. Human jurors review the cases and render verdicts. Guilt is still determined by people. VACNet is improving the quality of what those people see: human-submitted Overwatch cases resulted in convictions 15–30% of the time; VACNet-submitted cases converted at 80–95%.

The reasoning was deliberate. A VAC ban is permanent. It blocks access to 98% of CS:GO servers and marks a Steam account in ways that cannot be undone. Taking that action purely on automated confidence, even at very high confidence, introduces risks that McDonald was not willing to accept, particularly given the potential for false positives on edge cases or novel inputs. The model flags. Humans decide.

For any game system where the punishment is meaningful and irreversible, this design principle holds. The model is a triage tool. It does not replace the final call.

The Self-Reinforcing Loop: Why Disclosure Doesn't Break It

After spending forty minutes explaining exactly how VACNet works to a room of game developers, with a livestream running, McDonald addressed the obvious question: did he just hand cheat developers a roadmap?

No. And the reason is architectural.

VACNet runs in a continuous loop alongside Overwatch. It submits cases, humans adjudicate them, and those verdicts feed back into the next retraining run. If a cheat developer learns the specific time windows VACNet analyzes and tries to suppress the cheating signal during those windows, human jurors will still recognize the behavior as cheating and convict. The next training run incorporates those verdicts. The model learns the new pattern.

The window sizes themselves were arbitrary. Expanding them requires finding the retraining command in your shell history and pressing enter. The model retrains in around six hours. A cheat developer building a counter-model from scratch is looking at months of work and a data problem they cannot solve: "The algorithm you pick in deep learning doesn't matter," McDonald noted. "The thing that matters is more data." Valve had far more labeled data than any external actor could accumulate.

The loop also means the system gets more durable over time, not less. Every time a cheat developer adapts, they generate new behavior that jurors evaluate. That evaluation becomes new training data. The system grows from each attack.

It's worth noting that behavioral analysis from the server side is one paradigm, not the only one. Source-code level anti-cheat tools like Mirror Networking's GUARD take a complementary approach: instead of running as a separate process that cheaters can identify and bypass, GUARD embeds directly into the game's source code and operates on a "silent detection" philosophy. Rather than confronting suspected cheaters with a visible ban message, it quietly reports suspicious activity to the game server. The cheater doesn't know they've been flagged. That information asymmetry is the point. The underlying philosophy is the same as McDonald's reason for not disclosing VAC detections: once a cheat developer knows what you're looking for, they start hiding it.

What Came After

Since this 2018 talk, VACNet has continued to evolve alongside the game it protects. When Valve launched Counter-Strike 2 in September 2023, replacing CS:GO as the live title, VACNet came with it, now called VAC Live and described as the third generation of the system.

The most significant change from what McDonald described in 2018 is real-time detection. The original VACNet flagged players for Overwatch review after a match concluded. VAC Live can now cancel a match mid-game the moment a cheater is detected. That shift from batch analysis to live inference is exactly the direction McDonald identified as "ongoing work" in 2018.

The self-reinforcing loop he described remains the core of how the system operates. The treadmill is still running. It just no longer requires an engineer to keep stepping on it.

—

This article is based on and cites the original GDC talk by John McDonald, published on the GDC Festival of Gaming YouTube channel. All rights in the original content are owned by their respective owners.