i think the joke requires knowledge that, if the exe is compromised, there's zero ways in hardware you can enforce read only mode on a USB stick, so it's probably done in software and is moot.
and also, if it's air gapped, why even have an antivirus. ... for air borne ones?
It's incredibly easy to enforce read only on a USB stick when you destroy it after bringing it into a classified environment. As for antivirus, aren't we talking _right now_ about bringing potentially infected drives into an network?
If one's role is to only update AV on the airgapped machine then their data transfer to the airgapped machine should be only going into one direction.