The Intel Management Engine (ME) is an autonomous subsystem that has been incorporated in virtually all of Intels processor chipsets since 2008. It is an embedded microcontroller running a lightweight microkernel operating system that performs various tasks while the system is in sleep. The ME is a separate independent processor core that is actually embedded inside the Multichip Package (MCP) on Intel CPUs. It operates all-by-itself and separate from the main processor, the BIOS, and the Operating system (OS), but it does interact with the BIOS and OS kernel. The ME is a black box of mystery code at the lowest level, in ring -2, with complete control over every part of the system.

The ME is one of several firmware sets for the Converged Security and Manageability Engine (CSME) by Intels current terminology as of 2017. Prior to AMT version 11, CSME was called Intel Management Engine BIOS Extension (Intel MEBx). The ME is built into many Intel Chipset–based platforms and is a small, low-power computer subsystem. It performs various tasks such as power management, system security, and remote management.

The ME has been criticized for its deep system access and presence on every modern system with an Intel processor, making it a juicy target for attackers. While Intel provides no way to disable the Intel ME, other people have experimented with disabling it. However, disabling the ME is basically impossible for the average user, and thats by design. Intel doesnt want its competitors to know the exact workings of the Management Engine software, and it seems to be embracing "security by obscurity" here, attempting to make it more difficult for attackers to learn about and find holes in the Intel ME software.