by jiggawatts 409 days ago
The difference here is that A/V scanning and security vulnerability scanning can be done from the “outside” using read only privileges.

Many clouds now support scans of snapshots, removing the need for direct access to the read/write internals of a workload.

This is where your analogy falls flat a bit.


So you give another kingdom access to your castle, but they are not allowed to touch things? Or they get details like your blueprints and who is stationed where?

Just kidding, I know there are ways to do this in a more complex and secure way, e.g. with self-hosting services etc., but that is why I tried not to make it about all AV products.

The fact remains that this kind of layer can (and repeatedly does) introduce weak points that will be attacked. I am not saying there aren't ways to implement this well, with trade-offs that are worth it. What I say is that "Just add AV product X" is likely a doomed approach.