Yes, and Apple 100% has the capacity / ability to filter out "fake" AirTags on their back-end. All they need to do is setup a manufacturing process that captures the public keys.
So the phones will still relay the beacons to Apple, who can then do things and just reject messages from these fake tags.
(I worked for a Medical Device Company that set all of this up within our supply chain).
If they haven't been doing this so far, it seems like it will be a tough job to record them after the fact. Perhaps they could interrogate each device and require it to be re-adopted, then record the data at that point but it seems like an arms race they won't win.
So the phones will still relay the beacons to Apple, who can then do things and just reject messages from these fake tags.
(I worked for a Medical Device Company that set all of this up within our supply chain).