Some combination of the two. IBM i has its vulnerabilities, but because of the way that the OS is built, getting code execution accidentally is extremely difficult, and even getting native code to run given full access to the system requires mucking about with the objects on disk.
However, with IBM i comes PASE, which provides a AIX-like environment that can run most software built for AIX directly, and that's going to have the same sort of vulnerabilities as any other UNIX system. As far as I know, that's mostly used for new development, though, because developers don't like learning unfamiliar platforms.
There's an IBM i hobbyist discord[1] full of friendly people who will be happy to help you out with learning or acquiring your own iron, or you can use any of a number of public-access systems. The main public access system is pub400[2], but there are at least three that are run by people in the discord. I run one of them, albeit with the worst uptime of the bunch; PM for details. And finally, you can find all of the docs for the system on IBM's site[3], though they can take some getting used to.
You can get used IBM Power servers on ebay, but they're pretty pricey. Not sure about licensing and such also, so you should look into that before buying.
