AFAIK: Companies like Elcomsoft can indeed "crack" both Bitlocker and Veraycrypt when your FDE protected device is in use or volumes have been mounted (What you refer as AFU)
They can read the Encryption key from RAM. Yes.
But when your data is at rest (volumes unmounted or device off - BFU) only Bruteforce can be used.
"Cold Boot Attacks" would be still a thing to think about, but as far as i know at least Veracrypt takes care of that