HP iLO / Intel ME
Those are wonderful remote management interfaces.
The work of engineers can be drastically reduced in case of an emergency.
A critical vulnerability in those for sure costs a lot of money.
The notorious Conti ransomware gang has working proof-of-concept code to exploit low-level Intel firmware vulnerabilities, according to Eclypsium researchers. Recently leaked Conti documents show the criminals developed the software more than nine months ago, and this is important because exploiting these kinds of weaknesses …
I think Intel very much screwed the pooch on this one, long term.
If you have to choose between a chip that uses more energy and then forced you to waste someo of that performance on keeping backdoors shut or something that's both cheaper, faster and more energy efficient it would almost amount to criminakl negligence if you didn't pick AMD. Or Apple's M1, but that's not going to help you much on the server side.
Google AMD PSP CVE
... then come back and tell us how "secure" AMD is. (I have Intel, AMD, AIM [PowerPC], Motorola, and Broadcom CPUs, and am not slamming or praising any of them for security or lack thereof.) The Platform Security Processor is AMD's flavor of Intel's Integrated Management Engine.
AMD has PSP. Since that's already been posted about I won't bring it up again...
M1 is Apple proprietary and effectively an undocumented "black box". This SoC includes a GPU and power management, all with closed-source and potentially exploitable firmware, and ARM Trustzone which provides "secured" and "non-secured" software environments, again using either yet another embedded CPU and firmware, or using "below the level of the OS" firmware to implement. From what I've seen the M1 is an exccelent CPU both in terms of power use and in terms of performance, but if you're trying to avoid having potentially exploitable binary blobs running on your system, an Apple product is probably the worst way to do it.