Maybe, but this argument holds less weight given that they’re the ones pushing for inclusion of these algorithms in the NIST standards, and are really only advocating against the hybrid algorithms.

I honestly think the NSA learned their lesson with the whole debacle around Dual_EC_DRBG and skepticism about their elliptic curve seeds - especially given the continued exponential growth in sensitive electronic communications and records, they want the algorithms as secure as possible without a backdoor that could leak and be a foot-gun for US communications as well.

Instead, they’ll just throw more money at making a usable quantum computer than the next country spends on their entire cryptographic infrastructure, and get targeted backdoors into software/hardware implementations of the encryption algorithms so they can focus their attacks more precisely.

I'd be fairly certain they have hardware backdoors into most things...

My guess would be that there are multiple segments to the NSA, some of whom have access to the hardware level backdoors and others that want the software to be easier to compromise.

I would suggest that if you are a target of the NSA the encryption you are using does not matter one bit, they will find a way to hack you and steal any keys to systems they need and you probably won't even know about it. I'm not so convinced about the mass surveillance actually being that useful to be honest, even with current tech there is just too much of it to help.