Counter-Strike 2

Sethioz Feb 24, 2024 @ 1:06am
why kernel level anti-cheat wouldn't help fight cheating in CS2
I have seen so many topics that ask for kernel level anti-cheat, but most people have absolutely no idea what kernel even means or does. So let me try and make it as short as possible. I know that 99% of nowadays' players don't have the patience to read over 2 lines, but computer science requires years of reading, not seconds. So you can't learn if you are unwilling to read more than 2 lines of text.

What does kernel mean:
Kernel mode is directly related to your CPU (central processing unit) and how it operates. CPUs can operate in two modes: user mode and kernel mode.
In the shortest way possible: kernel drivers have direct access to your hardware.

User Mode:
In user mode, a process is created when you launch the program. This is where all the code is loaded into a private / isolated virtual address space.
1) Programs are isolated and use private memory.
2) If a program crashes, it doesn't affect other programs or Windows.
3) Programs are limited and can't gain full access to other programs and modify their data; for example, that's why you can't just modify Windows core files with a text editor, you will get access denied.
4) User mode provides stability and security. If your PC gets infected by user mode malware, then it won't be able to damage operating system core files and it can't access data it's not supposed to. A lot of malware can still cause a lot of damage in user mode, but it would absolutely annihilate your PC in kernel mode; it can even go as far as physically breaking your PC (like if malware sets your monitor driver to an unsupported mode, it can literally damage the monitor; most modern day monitors should have built-in safeguards, but I wouldn't rely on it).

Kernel Mode:
Code is loaded before the operating system and is sharing the same virtual address space.
1) Programs are not isolated and can interfere with each other.
2) If a kernel program crashes, your entire PC instantly crashes, causing data loss.
3) Kernel level programs have full access to your entire PC; this includes protected core operating system files.
4) Kernel mode does not require any kind of permissions; it can edit all code on the core level.
5) Kernel mode has direct access to hardware and therefore drivers run faster and more efficiently in kernel mode.
6) Kernel mode is for DRIVERS ONLY and does not provide any benefits to normal software, such as games or anti-cheats, since they don't need direct access to hardware.
7) Kernel software is independent from user accounts. It means if you have multiple people using the computer and only 1 of them installs a kernel-based program, then it runs for ALL users.

How does anti-cheat work:
It's very hard explaining this in a few words, but there are many methods. Anti-cheats check your game code vs the original game code, but since game code is dynamic and constantly changing, you can't just make a "snapshot" of the entire code and compare it. For example, your ammo count changes, which gives a different checksum when checked.

1) Anti-cheat scans the memory area containing instructions / opcodes and generates a checksum; usually MD5 is used as it's a fast way of checking large amounts of data. Then the AC compares this checksum against the original code (the one provided by developers). If that matches, it means no cheat detected. If that checksum is wrong, then the AC knows that the code has been tampered with, in which case the AC will launch a more in-depth scan to determine which exact area has been modified; then the AC will save that and send that data back to developers. This is how devs know exactly whether it was a false positive or not. Like the AMD anti-lag driver that caused bans: they rolled those back, because devs can see the exact code that was modified and they determined it was not a cheat.

2) Anti-cheat scans for running processes. If a known cheat or cheating tool is detected, then the anti-cheat MAY trigger a ban; this depends. Some anti-cheats just say "illegal program detected - program name" and give you a chance to terminate the process, or otherwise you just can't play. Some games just close in the presence of possible cheats.

3) Anti-cheats also have a list of known cheats and cheat tools, so whenever you start one of those tools, the anti-cheat instantly detects it, but for that to work, devs have to manually make the list first.

4) Anti-cheat does NOT scan for files or installed programs on your PC; this would conflict with most EU privacy laws and would not be allowed.

5) Some anti-cheats have algorithms that measure your reaction time, accuracy and raw mouse data. I think this is what CS2's A.I. based overwatch is supposed to be, and that's why you get banned for super high sensitivity, as it confuses the AC into thinking you are using an aimbot.

6) Some anti-cheats are more complex and game specific, in which case they also know if a player is looking at another player through a wall. If you keep doing that for too long and too accurately, the AC will assume you were cheating.

7) Most anti-cheats are able to detect aimlocks (it's when an aimbot locks onto a target, but doesn't instantly turn towards enemies; you must move your crosshair very close to or on top of the enemy and then it locks on).

8) Some anti-cheats scan for unknown overlays, but it's a BAD practice, because nowadays we have so many tools that have an overlay, such as MSI Afterburner, Nvidia, AMD, Steam itself, Epic Games, Discord ..etc ..etc. If I was a dev, I wouldn't ban anyone based on an overlay, but I'd make it take a screenshot and send it for manual review (PlanetSide 2 is doing that btw).

9) Most anti-cheats also scan for 3rd party processes that try to attach themselves to the game (such as debuggers). So even if you don't cheat, but use a tool that can be used to create cheats, then this will most likely trigger a ban.

User mode vs Kernel mode:
Running anti-cheat in kernel mode has absolutely NO benefits whatsoever in detecting cheats. Code runs exactly the same in kernel and user modes.
The ONLY benefit I can think of is that it can prevent users from tampering with the anti-cheat by disabling it or corrupting it, but cheats don't disable the anti-cheat anyway; they just run in a way that cannot be detected by the AC.

How cheats work:
I think it's against Steam policy to provide exact details, but I will list some generic methods.
1) Aimbots with perfect accuracy: this requires code injection, which means that any AC that is capable of checking the game's memory would instantly detect those cheats.

2) No spread / no recoil ..etc - this usually requires code injection, BUT there is an alternative method that takes time and requires updating after each patch. That method directly changes recoil patterns in the dynamic memory area, so it cannot be detected by just scanning the game's memory for code changes; the code remains intact, it's just the simple values that have been altered (like the amount of ammo, and you can't get banned based on that, because in case of lag, your ammo is lower than on the server, in which case the server forces that amount of ammo -- this is what you see when you rubberband: on your screen you moved, but that data never reached the server, so it puts you back where the server thinks you should be).

3) Recoil reduction - this can be done by using an external macro; most gaming mice nowadays have macro capabilities, and in this case only an A.I. based anti-cheat is capable of detecting this. I haven't used it in CS2, but I used a Bloody Gun V3 mouse in CS:GO, which has a built-in recoil reduction system. It works miracles with the AK, but it only has 3 profiles. I used 1 for rapid-fire pistol, 1 for AK and 1 for generic recoil reduction.
However, this is hardly considered a cheat, because any pro player with 1000+ hours can control recoil just as well or even better.

3.1) You can use a more complex macro by giving it a random factor, so it's never exactly the same, and when mixed with your hand movement, it is 100% undetectable. There's no anti-cheat that can ever detect this method.

4) External radars - these are usually undetectable and will remain this way, because they're read-only. The cheat software will only READ the game's memory, and it is not possible to detect whether another program reads the game's memory or not.

5) Wallhacks - there are many types, but mostly they're undetectable because they're also just read-only. The cheat software reads game memory and grabs player coordinates, which are then printed onto your screen by using an overlay. Also, those overlays are designed not to show on videos or screenshots, so asking someone to screenshot or stream means nothing. This method also doesn't alter game code.

6) Cheats and cheating tools can also run in kernel mode.

7) Network based wallhack - long ago I made a PoC (proof of concept), but I have never seen any practical cheats that use this method. This type of cheat is literally impossible to detect, because the data is being read from the network packets that are being sent between your PC and the game server. You can route your traffic via a secondary PC and intercept + edit all network traffic on the other PC. So there's no possible way for any anti-cheat to detect the presence of such a cheat. You can draw the extracted player data as a 2D or 3D radar on the other computer's monitor.

8) Sound based cheats: some cheats amplify quiet sounds or completely add new sounds, for example a sound-based wallhack. Those are often used in tournaments, but they still require the same method as any other wallhack: it first needs to know the location of enemy players, which can be obtained from the game's memory or network packets.

Would kernel mode ac prevent cheating:
NO, because running a program in kernel mode does NOT change how it detects cheats.

Running the game itself in kernel mode would have the only benefit that most cheating tools would not be able to access the game's memory at all, but you can just run cheats and cheating tools in kernel mode as well, so what is the point?
Running a game in kernel mode is an extremely dangerous and dumb thing to do; I hope no devs ever do that.

IMPORTANT QUESTIONS YOU SHOULD ASK BEFORE SCREAMING "KERNEL ANTI CHEAT"
1) What if a scammer or hacker compromises kernel-level software?
Such as the anti-cheat or the game itself? CS2 uses workshop content; imagine if the game would run in kernel mode and then someone puts malware into workshop content. That malware would then run in kernel mode! An attacker can literally brick your device with kernel access.

2) Kernel drivers are also responsible for measuring temps and voltages, so if kernel level software is compromised, it can mess with your readings or even force wrong voltages, which can literally damage your hardware.

3) Since kernel software cannot just be loaded/unloaded like normal programs, it means it runs ALL THE TIME, even when you are not playing.

4) Riot Games has even stated that their Vanguard kernel anti-cheat starts before Windows and runs even when you are not playing. Is this the kind of control you are ok with? What if Vanguard gets compromised? Then the attacker has full access to your PC.

5) You should really read THIS: https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
It turned into such a global scandal that it has its own wiki article. Are you REALLY ok with a kernel AC having FULL control over your PC? It's just a matter of time before they start modifying your entire Windows to prevent "cheating". Imagine if they modify your Windows to prevent the installation of certain software even when not playing CS2? You ok with this?

PROBLEM REMAINS:
The problem IS that anti-cheat software is not able to tell the difference between a cheat and not a cheat.

1) Anti-cheat scans your processes and finds:
firefox.exe
firefox.exe
What will it do? Ban you because you have 2 Firefoxes open?

2) Kernel or no kernel, anti-cheat still can't tell the difference between legit programs and cheats.

3) Even if you make some super anti-cheat that can detect all known cheats, all it takes is to embed the cheat software inside another program, such as firefox.exe. In order to be able to detect cheats that are embedded into other software, the AC would need to be able to scan every single process memory that is running; this includes session data, which often includes very sensitive info, such as password hashes.
Not only does it go against privacy laws in many countries, it is a TIME-TAKING and heavy process. You know how an anti-virus scans your PC? It's a very time-taking and resource-hungry process; it would cause games to lag on a colossal level.

Would you really trust any game developer with such access?
What if a government offers them like 100 billion dollars for a backdoor?
This has happened many times in the past where companies sell out and provide a back door to governments.

This is why there are privacy laws that prohibit such intrusive software. That's what "malware" is: it's software that invades one's privacy. AND it still won't solve the cheating problem, because what you need is a better method of detecting undetectable cheats.

Microsoft also charges about 500 USD per year for kernel driver signing. In order to even get your kernel driver signed, you have to buy a license, and this process takes time. They have to send their kernel "anti-cheat" for signing, so Microsoft would make sure it's legit and doesn't contain any malware, BUT if it's already operating in kernel mode, it can easily be modified or used to do harm, as in if it gets compromised.

Conclusion:
Making a kernel level anti-cheat will cause more harm than good, and it still wouldn't change the way cheats are being detected.

1) "Wah wah, but Valorant uses kernel and it has no cheaters!!"
WRONG. Valorant has as many cheaters as any other PvP shooter. The only reason why Valorant uses kernel is to be able to access the HWID (hardware ID). They ban based on HWID, so you can't just make a new account and keep cheating; you have to spoof your HWIDs, and if you do it on the user mode level, then those changes will only take effect AFTER you boot Windows, but since the kernel driver runs before Windows starts, it will be able to pull the actual HWIDs and keep you banned.
However, spoofing HWID on "kernel" is still possible; most cheaters are just not smart enough to even google for it.
For example, Nvidia has a tool for editing firmware on their GPUs, which also includes the HWID. However, such tools can brick your hardware if you do something wrong.

BOTTOM LINE
Even though Valorant uses a kernel AC to be able to ban players based on the actual HWID, it still DOES NOT detect cheats any better than non-kernel.
The ONLY benefit that Riot's Vanguard has is that it can see your original HWIDs, which can STILL be spoofed by anyone who knows how to use Google.

And the question remains: what if kernel level software gets compromised by a scammer or hacker?

I hope this will clear it up once and for all why a kernel anti-cheat would NOT detect cheats any better than non-kernel.
Last edited by Sethioz; Oct 6, 2024 @ 10:05pm
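The checksum scheme described in point 1 of "How does anti-cheat work", as an added worked example that is not from the original post or from any real anti-cheat: a fast digest over the executable region only (so a changing ammo counter in the data region cannot cause a false positive), followed by a per-block scan to locate the modified offset once the fast check fails. The process layout, region names, block size and byte contents are all constructed for this example; SHA-256 is used here rather than the MD5 the post mentions, which is a choice of the example.

```python
import hashlib
from dataclasses import dataclass, field

BLOCK_SIZE = 16  # granularity of the in-depth scan (constructed for this example)


@dataclass
class Region:
    """A simulated memory region of the game process (constructed, not a real layout)."""
    name: str
    data: bytearray
    executable: bool


@dataclass
class Reference:
    """Known-good digests: one over the whole region, plus one per block for localization."""
    whole: str
    blocks: list = field(default_factory=list)


def digest(buf) -> str:
    return hashlib.sha256(bytes(buf)).hexdigest()


def build_reference(regions):
    """Record digests of executable regions only; data regions change legitimately
    (ammo, health, positions) and must never feed the integrity check."""
    ref = {}
    for r in regions:
        if not r.executable:
            continue
        blocks = [digest(r.data[i:i + BLOCK_SIZE])
                  for i in range(0, len(r.data), BLOCK_SIZE)]
        ref[r.name] = Reference(whole=digest(r.data), blocks=blocks)
    return ref


def localize(region, reference):
    """In-depth scan: return (offset, length) of each block whose digest differs,
    which is the information a developer would review to rule out a false positive."""
    changed = []
    for idx, expected in enumerate(reference.blocks):
        start = idx * BLOCK_SIZE
        chunk = region.data[start:start + BLOCK_SIZE]
        if digest(chunk) != expected:
            changed.append((start, len(chunk)))
    return changed


def check_integrity(regions, reference):
    """Fast pass: one digest per executable region. Only on a mismatch is the
    block-by-block scan run, keeping the common (clean) case cheap."""
    findings = {}
    for r in regions:
        ref = reference.get(r.name)
        if ref is None:
            continue  # non-executable region: not part of the check
        if digest(r.data) != ref.whole:
            findings[r.name] = localize(r, ref)
    return findings


def make_process():
    """Constructed process image: a 64-byte 'code' region and a 32-byte 'data' region."""
    code = Region("text", bytearray(range(64)), executable=True)
    data = Region("data", bytearray(32), executable=False)
    return [code, data]


def demo():
    regions = make_process()
    reference = build_reference(regions)

    # Legitimate runtime change: an ammo counter in the data region ticks down.
    regions[1].data[4] = 29
    clean = check_integrity(regions, reference)      # expected: {} (no finding)

    # Tampering: two bytes in the code region are overwritten (constructed values).
    regions[0].data[40:42] = b"\xff\xfe"
    tampered = check_integrity(regions, reference)   # expected: {"text": [(32, 16)]}
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("after data change:", clean)
    print("after code change:", tampered)
```

The split between `build_reference` (executable regions only) and `check_integrity` is what lets the scheme tolerate dynamic game state: the ammo change never reaches the digest, while a single patched byte in the code region is reported with the 16-byte block it lives in.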
Showing 1-15 of 107 comments
_ Feb 24, 2024 @ 1:08am 
Understandable I need more spinbots
kpl Feb 24, 2024 @ 1:24am 
Awesome post, but this will not prevent the people who constantly whine about the anti-cheat as if they could do better lol. The biggest problem is how big the cheating culture in CS is; if there wasn't a community based around it, there would be infinitely fewer cheaters and cheats would be harder to obtain.
nemash Feb 24, 2024 @ 1:26am 
I try to tell this as well as I can every time, but unfortunately most people know or have heard about the things you, others or I tell them. They just don't care. They are willing to install a kernel based anti-cheat no matter what. They are willing to pay the price and accept every danger as long as it makes a single cheater disappear.

It's not only this discussion about kernel based anti-cheat; it's with everything that is a great risk and/or an intrusive privacy issue. Like video surveillance cameras everywhere. It doesn't matter if it has any effect against criminals or if it eats up billions for no evidence-based proof; take the City of London as an example. But people feel safer and most don't even think about it twice, they just admit it. They accept mass surveillance and any stuff for the feeling of more safety.

Thank you for this detailed posting.
Last edited by nemash; Feb 24, 2024 @ 1:28am
Sethioz Feb 24, 2024 @ 1:39am 
Originally posted by nemash:
They are willing to install a Kernel based Anti-Cheat no matter what. They are willing to pay the price and accept every danger as long as it makes a single cheater disappear.

This part is a very big problem in nowadays' society, not just in gaming. This kind of attitude is what makes it easy for scammers to scam people as well.
A lot of people just install and use anything, without doing any research on what they are getting into.

There's an old saying: "better safe than sorry".
More players should follow this.
nemash Feb 24, 2024 @ 1:48am 
Originally posted by Sethioz:
there's an old saying "better safe than sorry"
more players should follow this

This is exactly what pro kernel anti-cheat people will say. They just take this quote the other way: kernel based is safe, no kernel AC is sorry.
Snium.GcC Feb 24, 2024 @ 1:51am 
Valve companies don't hate cheating users.
Sethioz Feb 24, 2024 @ 2:07am 
Originally posted by nemash:
Originally posted by Sethioz:
there's an old saying "better safe than sorry"
more players should follow this

This is exactly what pro Kernel Anti Cheat people will say. They just take this quote the other way. Kernel based is safe, sorry is no Kernel AC.
Ah ah .. makes perfect sense, they are seeing the whole world upside down.
This makes sense of why so many people record vertical videos ... no wait, that just means they are sideways, not completely upside down yet.
Sethioz Feb 24, 2024 @ 2:59am 
Originally posted by Kiler_best1235_Denmark:
And I will support you with the best anti cheat you will ever find in the world, better than any anti-cheat created by the 8 billion dollar company Vladve or any other trillion dollar company in the world.

Baseball bat anti cheat.
That would work as punishment, but you'd still have to determine who cheats first.
There are many complex ways I could think of, but devs never do it.
All big companies who have the money to develop a good anti-cheat just don't care, and smaller devs who would do it just don't have the money for it.

Back in the days when VAC was new, I was able to get a reply from Valve about anti-cheat and they said something along the lines of "we are not aiming to ban all cheaters, our anti-cheat is designed to stop known public cheats and basic script kids".
🐠🍑 Feb 24, 2024 @ 3:00am 
Originally posted by Kiler_best1235_Denmark:
Baseball bat anti cheat.
And how does that work exactly? Please explain this anti-cheat. :steamfacepalm:
Davy 𖹭 Feb 24, 2024 @ 3:14am 
Lol, it clearly states when joining the game that servers are VAC protected and cheating is not possible within the game.
Sethioz Feb 24, 2024 @ 3:27am 
Lol, it clearly states when joining the game that servers are VAC protected and cheating is not possible within the game.
That's why you shouldn't believe everything that a product description claims it to be/do.
Red Bull is supposed to give you wings so you can fly; think it works?
valve should just disable vac, make it fair for everyone
mORISgAMING Feb 24, 2024 @ 3:32am 
Originally posted by reprodukTOOOOOOOOOOOR:
valve should just disable vac, make it fair for everyone
or you could stop cheating?
🐠🍑 Feb 24, 2024 @ 3:32am 
Originally posted by reprodukTOOOOOOOOOOOR:
valve should just disable vac, make it fair for everyone
That is NOT a good idea, ok? VAC is protecting us every day from cheaters.
Originally posted by mORISgAMING:
Originally posted by reprodukTOOOOOOOOOOOR:
valve should just disable vac, make it fair for everyone
or you could stop cheating?
proof ?
Date Posted: Feb 24, 2024 @ 1:06am
Posts: 107