I remember when TPM modules and BitLocker became standard, starting with laptops. I always suspected Microslop of adding a yet-to-be-discovered back door in their closed-source shitshow.

Must be what a pepper feels like when the first nuke drops.

  • mlg@lemmy.world
    3 hours ago

    Part of the Snowden leaks showed that the NSA had made exploits for a ton of vendors that abused vulnerable SMEs with special versions for various servers.

    I think it was shortly afterwards that Intel downstream OEMs started offering a reduced/partially disabled ME for general government purchases only, which is how some of the custom ME disable projects work.

    But the fact that neither Intel nor AMD bothers to explain why the ME needs to exist is insane, especially since it runs at ring -2 above ring -1 where the original boot process starts.

    IME having a full network stack is crazy. Imagine telling people they have a complete hardcoded OS running on every machine with complete host and network access.

    Someone has paid fat stacks to keep the media quiet, even after the massive vulnerability disclosures.

    I heard nonstop reports about Spectre and Meltdown in the general news for a year, but I never heard a peep about SA-00086 or even the IME much later after its introduction.