Malware is in fact using IME.[1] And remotely exploitable vulnerabilities have been found it in.[2]

[1] https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum...

[2] https://arstechnica.com/information-technology/2017/05/intel...

I'm surprised I didn't hear about this until now. It looks like the user had to have enabled AMT, so this isn't exactly conspiracy levels.

It is troubling how little priority the computer world gives to proper security models.