When hacks exist that use FPGA's to MITM PCI-e level data, I'm not sure what else you can do. The problem contradicts itself: You want a secure, unhackable game, but without essentially root/kernel access?

Heuristic-based anticheat seems to have fallen out of favor.

I honestly believe we should return to dedicated servers + admins. This hacker/anti-cheat arms race is never going to end.