As artificial intelligence and machine learning evolve, the battle over game source code is shifting. Cheat developers are now using AI-driven external capture cards to read video output and simulate mouse movements, bypassing the need to modify game code altogether.
If vulnerabilities are found within Vanguard's kernel driver source code, it could theoretically allow malware developers to exploit the driver to gain administrative control over a user's entire operating system.
In January 2023, confirmed that its development environment was compromised in a social engineering attack , leading to the theft of source code for several major titles. While Valorant is often mentioned in reports of this breach, Riot explicitly stated that Valorant's source code was not stolen . Breach Overview
Vanguard is not a typical application. It operates at , the most privileged level of a computer's operating system, allowing it to see everything happening on a PC. It consists of a driver ( vgk.sys ) that loads when the system boots, providing pre-emptive protection, and a client that actively monitors processes when Riot's games are running. This deep-level access allows Vanguard to detect and block sophisticated cheats that operate in kernel space, creating a much more level playing field than traditional user-mode anti-cheats. Valorant Internal Source Code
One of the most notable proprietary systems embedded within Valorant's internal source code is the mechanics. Traditional shooters send location data for all players across the map to every client computer. Valorant's server code calculates visibility dynamically. If an enemy player is behind a solid wall and completely out of line-of-sight, the server explicitly withholds that player's spatial coordinates from the client's memory. This prevents basic wallhacks from reading position data before a player enters view. 2. Riot Vanguard: The Kernel-Level Security Subsystem
, a kernel-level anti-cheat system that makes developing internal code significantly more difficult than in other games: Kernel Driver (vgk.sys):
Searching for, downloading, or compiling public source code labeled as a "Valorant Internal" carries severe risks for both your computer and your gaming accounts. Malware and Stealers As artificial intelligence and machine learning evolve, the
These programs run as separate processes in the operating system. They read the game's memory from the outside using standard OS functions (like ReadProcessMemory in Windows). They do not inject code into the game and often display information via an external overlay.
Valorant is primarily written in , the industry standard for high-performance game engines. This choice provides the granular control over system resources, memory, and rendering necessary for a competitive shooter. The game runs on a "heavily modified version" of Epic Games' Unreal Engine 4 . Riot Games chose Unreal Engine for its robust feature set, but a significant portion of its development work has been dedicated to customizing it to meet Valorant 's unique demands. As Riot's content support technical lead, Marcus Reid, explained, they have made "targeted major engine modifications" driven by strict performance requirements.
If you have a legitimate academic or security research purpose, you would need to contact Riot Games directly for authorization or rely only on their official public documentation and statements. In January 2023, confirmed that its development environment
Operating systems are divided into privilege levels called rings. Standard applications run in Ring 3 (User Mode). The core of the operating system runs in Ring 0 (Kernel Mode).
: The attackers demanded a $10 million ransom from Riot Games to prevent the public release of the code. Riot Games formally refused to pay the ransom. Impact on Valorant
The breach led to a high-stakes confrontation. The hackers demanded a hefty ransom of to prevent the code's public release. Riot Games unequivocally refused to pay the ransom, stating, "Needless to say, we won't pay."
Operating at Ring 0 allows the Vanguard driver to load during the system boot sequence, before standard user-mode applications or malicious cheat loaders can execute.