Vanguard’s architecture is a direct response to the failure of on-demand anti-cheat. If a cheat can load a kernel driver after the anti-cheat has started, it can hide its presence. By loading at boot, Vanguard establishes a "trusted execution base" from the very beginning. It can then enforce strict code integrity policies, block unsigned drivers known to be used for cheating, and monitor system calls for anomalies. The moment a user disables Vanguard, Valorant refuses to launch. This "always-on" model was met with immediate and fierce backlash from privacy advocates and power users, who decried it as spyware or a rootkit. Riot’s defense was simple: the integrity of the game’s competitive environment demanded it. The final, decisive piece of the puzzle arrived with Microsoft’s Windows 11 in 2021. Windows 11’s most controversial system requirement was not a CPU speed or RAM size, but a security feature: TPM 2.0 (Trusted Platform Module) and, crucially, the mandatory default enabling of UEFI Secure Boot. While Secure Boot had existed for years, it was typically disabled by default on consumer PCs for compatibility. Windows 11 changed that by requiring that the PC be capable of Secure Boot and have it enabled to install or run the operating system.

Whether this is a necessary evolution or a dangerous overcorrection depends entirely on one’s perspective. For the frustrated competitive gamer, it is liberation from the scourge of cheating. For the free-software advocate or the PC hobbyist, it is a slow, insidious lockdown of an open platform. What is undeniable is that the technical architecture is now in place to extend this model far beyond gaming. Imagine an operating system that refuses to boot if the user’s browser is not signed. Imagine an anti-piracy system that runs at the firmware level. The precedent set by Valorant on Windows 11—that a third-party application can demand a cryptographically verified, kernel-locked system as a condition of execution—has opened a door that cannot be easily closed. The debate over who truly controls a PC is no longer theoretical; it is playing out every time a gamer clicks "launch." And for now, security has won, but freedom has lost a crucial battle.

A Windows 11 PC with Secure Boot enabled is not fully owned by its user. The user cannot easily boot an alternative operating system without navigating complex menus to disable Secure Boot—a process that may break Windows 11 functionality. They cannot run legitimate low-level system tools (like custom debuggers, memory editors, or certain virtualization software) without triggering Vanguard’s wrath, which may result in a ban.

However, the costs are profound and raise critical questions about the future of the PC as an open platform.

The user must trust Microsoft, the PC vendor (who holds the Secure Boot keys), and Riot Games implicitly. Vanguard runs with the highest possible privilege, from boot to shutdown, and can see everything on the system. While Riot has published transparency reports and subjected Vanguard to third-party audits, the potential for abuse—whether intentional (data collection) or accidental (a bug that crashes the system or opens a security hole)—is non-zero. The system is predicated on absolute faith in the anti-cheat vendor.