icecompany.tech/Icecompany
/ Game security|In development — alpha Q4 2026
Kernel-mode telemetry where it earns its keep, behavioural detection elsewhere. Transparent about what's collected. No always-on drivers, no scope creep, nothing that survives uninstall. The anti-cheat is a guest, not a tenant.
What we won't do
If a player removes the game, the driver goes with it. No leftover kernel modules, no "permanent" device entries. Every uninstaller leaves the same machine it found.
The detection layer runs while the game runs. Period. When the game closes, our processes close. The player's machine is not our surveillance device.
We will publish, in plain English, the full list of what's read from a player's machine. If the list grows, the publication updates — before the build ships.
Hardware fingerprints help with repeat offenders, but lifetime bans tied to a motherboard go too far — especially across resale or family-shared machines. Account-level enforcement first; HWID escalation only with operator review.
When a player asks "why was I flagged?", the studio gets a real answer. Not "the algorithm decided". Detection categories are documented; appeals route to a human in the loop.
Three layers
Kernel-mode telemetry
Signed driver, narrow scope: process handle hijacks, unsigned-module injection, DMA-attack indicators. Loaded when the game launches, unloaded at exit. Source is provided to studios under NDA for audit.
Windows · macOS
Userland telemetry
In-process detection: hooks on key syscalls, page-protection checks, input timing statistics that distinguish humans from scripts. Runs as part of the game binary, not a separate service.
Windows · macOS · Linux
Server-side behaviour
Aim curves, reaction-time distributions, decision quality under contested resources — statistical and ML-assisted analysis of telemetry the game already sends. The cheapest layer to ship and the hardest to evade. Most detections happen here.
All — server-side
Timeline
Research projects don't ship on calendars. These are the milestones we're working toward.
Reading public reverse-engineering reports of Vanguard, BattlEye, EAC. Writing a threat model document with explicit non-goals. Talking to two studios about their cheat reports.
Server-side behavioural analysis layer running on real match telemetry from a friendly studio. No client integration yet — pure analytics pipeline + dashboard.
L2 (userland) added on top of L3. SDK provided to 1–3 select studios under NDA. Source is auditable. Detection categories documented in writing before any ban can fire.
Kernel layer added only after L2/L3 prove value. Driver code goes through external security review before any signed build ships. Wider studio program opens.
For game studios
Q4 2026 alpha takes 1–3 studios. If your game is competitive, online, and you've outgrown what off-the-shelf Icecompanys give you — or if you've watched players uninstall over them — let's have a conversation. Early signal shapes the product.
What an intro call covers
What we don't do on intro calls
Replies come from a real engineer, not a sales relay. Usually within a working day.
Write to
studios@icecompany.tech