Intel ME and AMD PSP: The hidden processors inside your CPU

Have you ever wondered what’s actually running inside your computer before your operating system even starts? Whilst most people think their CPU is a single processing unit, modern Intel and AMD processors contain additional hidden microprocessors that operate completely independently of your main system. These secretive components, known as Intel Management Engine (ME) and AMD Platform Security Processor (PSP), have sparked heated debates about privacy, security, and whether they constitute backdoors into our devices.

These embedded processors have been quietly operating in millions of computers worldwide for over a decade, yet most users remain completely unaware of their existence. The implications are significant: these systems have extensive access to your computer’s memory, network connections, and core functions, all whilst running proprietary code that cannot be audited by independent security researchers.

What exactly are Intel ME and AMD PSP?

Intel Management Engine represents a complete computing environment embedded within Intel chipsets since 2008. This isn’t simply a software feature you can uninstall. The ME functions as a dedicated microcontroller with its own lightweight operating system, running continuously regardless of whether your main computer is powered on, hibernating, or even completely shut down. Think of it as having a second computer inside your computer that you cannot directly control or monitor.

AMD’s approach differs considerably. The AMD Platform Security Processor, formerly called the Platform Security Processor, was introduced in 2013 as a 32-bit ARM Cortex-A5 core integrated directly into AMD’s processor dies. Unlike Intel’s chipset-based approach, AMD embedded its security processor directly within the main CPU itself, using ARM’s TrustZone technology to create isolated execution environments.

The fundamental architecture reveals an important distinction. Intel’s ME operates at what security experts call “ring -3” level, meaning it has even more privileged access than your operating system or hypervisor. AMD’s PSP operates at the hardware level, creating what the company describes as “two virtual worlds” within a single processor.

The business case: Why do these technologies exist?

Both companies developed these technologies primarily for legitimate enterprise management purposes. Intel’s ME was designed specifically as “a business-class feature intended for businesses to manage their fleets of computers”. Large organisations need efficient ways to manage hundreds or thousands of employee computers remotely, including the ability to troubleshoot problems, install updates, and maintain security policies without requiring physical access to each machine.

Intel’s Active Management Technology, which runs on the ME, enables IT administrators to perform remote management tasks even when computers are powered off or have corrupted operating systems. This capability proves invaluable for businesses managing large computer deployments, as it reduces the need for technicians to physically visit each problematic machine.

AMD positioned its PSP differently, focusing on security rather than remote management. The PSP handles critical security functions, including secure boot processes, encryption key management, and firmware validation. AMD’s approach centres on creating a secure foundation for the entire system, ensuring that malicious software cannot compromise fundamental system operations.

The PSP manages several crucial security features, including Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV). These capabilities allow the processor to encrypt system memory automatically, protecting sensitive data even if an attacker gains physical access to the computer’s RAM.

Technical capabilities that raise eyebrows

The extensive capabilities of these embedded processors have understandably caused concern among privacy advocates and security researchers. Intel’s ME possesses remarkably broad system access that extends far beyond typical hardware components.

According to security expert Damien Zammit’s research, Intel’s ME maintains full access to system memory without the main CPU’s knowledge or consent. This means the ME can read, write, or modify any data in your computer’s RAM whilst your main processor remains completely unaware of these activities.

Also read: What is DLSS? What is the Difference between DLSS 3 and DLSS 4?

The ME’s network capabilities are equally concerning. It maintains full access to the TCP/IP stack and can send and receive network packets independently of your operating system’s firewall protection. Even if you’ve configured sophisticated firewall rules to block unauthorised network traffic, the ME operates completely outside these restrictions. It maintains a dedicated connection to the network interface and can communicate over the internet regardless of your system’s security settings.

Intel’s ME remains active even when your computer appears completely shut down. As long as the system receives standby power from being plugged into mains electricity, the ME continues running its own firmware. This persistent operation occurs independently of your computer’s power state, meaning the ME could theoretically monitor or communicate even when you believe your system is completely offline.

Also read: Intel vs AMD: Which Laptop CPU Should Gamers Pick in 2025?

AMD’s PSP operates quite differently, with more limited but still significant capabilities. The PSP runs independently from the main CPU using its own dedicated ROM and SRAM memory. However, crucially, AMD’s PSP lacks network access capabilities. This architectural decision significantly reduces the potential for remote exploitation, as any attacks would require physical access to the target system.

Examining the Backdoor Claims

The debate over whether these technologies constitute backdoors has raged for years, often generating more heat than light. Many of the most alarming claims require careful examination of their origins and supporting evidence.

Security researchers have documented legitimate vulnerabilities in both systems. Intel’s ME has experienced multiple security flaws over the years, including vulnerabilities that could potentially allow unauthorised remote access. However, according to Intel’s documentation, every documented remote code execution vulnerability in Intel’s ME has required Active Management Technology to be explicitly enabled and provisioned.

Also read: Things to consider when buying a business laptop

This distinction matters considerably. AMT represents an intentional remote access feature that organisations must deliberately configure. If you enable remote access capabilities on any system, vulnerabilities in those features create potential security risks. The pattern suggests that Intel’s ME functions more like any other remote management system, with similar associated risks, rather than a deliberately planted backdoor.

AMD’s PSP presents a different security profile entirely. The lack of network access means that “only one with physical access could exploit” any potential vulnerabilities. This significantly reduces the scope for remote attacks, though it doesn’t eliminate security concerns entirely.

One documented PSP vulnerability (CVE-2021-26333) affected the firmware TPM functionality and could potentially allow attackers with low-level system access to obtain sensitive information. However, this vulnerability required direct system access and was promptly patched when discovered.

The absence of definitive proof supporting deliberate backdoor claims doesn’t mean these systems are without legitimate security concerns. The proprietary nature of both Intel’s ME and AMD’s PSP firmware means that independent security researchers cannot conduct thorough audits of their code. This opacity naturally breeds suspicion and makes it impossible to definitively rule out intentional vulnerabilities.

Government involvement

The most credible evidence of government involvement emerged from researchers’ discovery of a hidden firmware bit in Intel’s ME called “reserve_hap” (High Assurance Platform enable). This undocumented feature can disable the ME after system boot-up, and security experts believe Intel added this capability specifically at the request of the NSA for use in highly sensitive government environments.

Dell has openly offered commercial customers the option to purchase systems with Intel ME disabled, marketing this service as “Intel vPro – ME inoperable” for custom orders. Dell stated that “some of our commercial customers have requested such an option from us, and in response, we have provided the service of disabling the Management Engine in the factory to meet their specific needs”. This commercial availability suggests that government agencies and security-conscious organisations have indeed sought ways to operate without these embedded processors.

The geopolitical dimensions have intensified recently, with China’s Cybersecurity Association formally accusing Intel of embedding backdoors in its processors at the direction of the NSA. Intel has responded by stating it “strictly abides by the laws and regulations applicable to its business locations”, neither confirming nor denying the specific technical claims.

Security vulnerabilities in practice

Both Intel ME and AMD PSP have experienced documented security vulnerabilities that demonstrate the real-world risks these systems can pose.

Intel’s ME has suffered from multiple significant vulnerabilities over the years. These flaws have ranged from privilege escalation bugs that could allow attackers to gain elevated system access to remote code execution vulnerabilities that could potentially allow complete system compromise. Intel has responded to these discoveries by releasing firmware updates and security patches, though the update process often requires specific actions from computer manufacturers or end users.

Also read: PCIe lane allocation: The silent bottleneck in modern laptops

The complexity of keeping ME firmware updated creates ongoing security challenges. Unlike regular software updates that users can easily install, ME firmware updates often require specific tools and procedures. Many users remain unaware that their systems contain outdated ME firmware with known vulnerabilities.

AMD’s PSP has experienced fewer documented vulnerabilities, partly due to its more limited network exposure. The most significant PSP vulnerability (CVE-2021-26333) affected the firmware TPM implementation and was discovered in January 2018. This flaw could potentially allow attackers with appropriate system access to extract sensitive information from the TPM, though it requires physical or local access to exploit.

The different architectural approaches create distinct vulnerability profiles. Intel’s ME, with its network capabilities and broader system access, presents a larger attack surface for potential remote exploitation. AMD’s PSP, with its focus on local security functions and lack of network access, faces primarily local attack vectors.

The critical differences between ME and PSP

Understanding the architectural differences between Intel ME and AMD PSP is essential for evaluating their respective security implications and potential risks.

Intel’s approach centres on comprehensive system management capabilities. The ME operates as a separate computer within your computer, complete with its own operating system, memory, and network access. This design enables powerful remote management features but also creates significant security concerns due to its extensive system privileges and network connectivity.

AMD chose a more security-focused approach with more limited capabilities. The PSP operates as a dedicated security processor handling specific cryptographic and security functions. By limiting the PSP’s role to security-specific tasks and removing network access, AMD significantly reduced the potential attack surface while maintaining the ability to provide hardware-level security features.

The network access distinction represents perhaps the most significant difference. Intel’s ME can communicate over networks independently of the main system, enabling remote management but also creating potential pathways for remote attacks. AMD’s PSP lacks any network connectivity, meaning that any security compromises would require physical or local access to the target system.

From a user control perspective, both systems operate largely beyond direct user oversight, though the degree of opacity differs. Intel provides some tools for detecting and managing ME functionality, whilst AMD’s PSP operates more transparently within its defined security role.

Making sense of the security landscape

The debate surrounding Intel ME and AMD PSP reflects broader tensions between security, functionality, and user control in modern computing. These technologies emerged from legitimate business and security needs, yet their implementation raises valid concerns about user agency and potential for misuse.

For most users, the practical risks associated with these embedded processors likely remain relatively low, particularly when compared to other common security threats such as malware, phishing attacks, or unpatched software vulnerabilities. However, the philosophical implications are significant: these systems represent a fundamental shift toward computing architectures where users cannot fully understand or control their own devices.

The choice between Intel and AMD processors now involves considerations beyond traditional performance metrics. Users concerned about remote management capabilities might prefer AMD’s approach, with its focus on local security functions and absence of network connectivity. Those requiring enterprise management features might find Intel’s more comprehensive remote management capabilities necessary despite the associated security trade-offs.