Linux

World of Warcraft (yes it still has a bot problem, turns out it's even more complicated of an analysis with hundreds of thousands of people playing the game wrong) unironically is the biggest game to do this and report on it. They track player movement, skill usage, cursor position on screen and likely a thousand more data points to determine if a real player could possibly do the things being done and auto flag and auto ban based on that.

I believe VAC also has heuristic capability for FPSs if you enable it as a developer, as CS2 (at least, I think CS Source had a similar system) can detect unrealistic movements, perfectly timed clicks and all manner of movement scripts based solely on timing and not memory editing or other executable interference.

But yes most games really don't want to have an active cybersecurity team dedicated solely to studying game mechanics and deciding what is or isn't realistic, and while heuristic analysis of memory (i.e. catching injected cheats) is also a thing, that also requires a security team capable of that; and as someone who once tried to get into the cybersecurity field all of that is expensive. You're not getting a single person, much less a team, for less than 6 figures a year, and the amount of work generated that cannot be automated necessitates a fairly large team. CS2 gets around this a bit by having trusted players review iffy VAC detections which then feed into VACnet (which was released fairly recently) to have AI auto-review the heuristic detections based on known good reviews; but still the sheer volume of detections in a heuristic system (even well tuned ones) requires constant moderation.