A bit odd to be allowed to EFI Boot OpenCore Legacy Patcher (OCLP) to begin with. A "secure" machine is supposed to boot only operating systems signed by Apple or Microsoft. I had a Late 2013 iMac but maybe back then boot security may not be as stringent as it is now. I can boot PopOS (Ubuntu derivative), too, which is not signed. A Windows machine like a Thinkpad of similar vintage appears to be much more stringent at boot security.
My guess is that Monterey now runs in a virtual machine provisioned by OCLP, which might actually be a very thin hypervisor. If you think about it, it is very difficult for a VM to compromise its hypervisor. We can audit OCLP ourselves because it is open source, so let's say we can be assured that OCLP itself is safe. It is conceivable to write malware to specifically target OCLP, akin to boot sector viruses in the 80's, but in order to update OCLP in EFI boot, administrator privileges are required. So just normal care to take a random privilege escalation pop-up with suspicion will prevent such exploits from happening. Most people hardly ever reboot their machines anyway. Ideas along this line seem very pointless to a hacker at any rate — whatever can be done to OCLP can be used to inflict damage to "genuine" Macs which is a far wider audience.
I do not exactly know this stuff and the reason why I am posting this is to try to learn by being corrected! Of course hackers may know of exploits I have never thought of or dreamed of. Let me know what you think.