IIRC, in this case it's the kernel accessibility API that's spawning these client processes from kernel-space, due to events the kernel is observing directly, rather than events being reported to the kernel from a userspace process — which is precisely how these accessibility helper UX processes get to be privileged in a way that regular userland processes aren't.