In computers you have user space and kernel space.

Some programs need special privileges and need to run in kernel space. I don’t have any experience with anti cheat software but I can think of two blindingly obvious reasons why you would want to run an anti-cheat program in kernel space.

First is that it will give you sufficient privilege to observe and detect an executing process from a known cheat program. Applications in user space have limited ability to observe other running processes.

Second is that only in kernel space do you have sufficient privilege to fully observe input devices. If you can check the game’s input signals against the what the mouse hardware is actually doing you can identify if an aim bot style tool is being used.

There are likely several more reasons that anti cheat software needs to run in kernel mode but these two are blindingly obvious from my perspective as someone who doesn’t have any experience in anti cheat.