I would have thought that mining has certain types of maths encoded into the runtime, repeated frequently, and an "AI" system bot could be designed to detect this running on a system. The runtime could then be highlighted for examination by humans, and warnings given to the users in question.
In other words, an "anti-crypto antivirus' hypervisor. Between the system resources used and the maths looped, certainly something should be able to be figured out.
But to me it sounds like the industry would rather take a shortcut than apply a (admitting more complex) skillset to solve the problem.