
I've never heard anything about the NSA telling a company they have a security vulnerability. Have you?


Not the NSA, but I know of at least one time the FBI did: https://arstechnica.com/security/2024/01/chinese-malware-rem...



That was probably because the NSA and other critical government agencies use Microsoft Exchange and it was a bug found in the wild.

But if it wasn't a bug found in the wild, can you imagine the fights between the NSA red and blue teams on whether to alert Microsoft about it?


Probably not a lot at all tbf


I don't have citations on hand, but it's commonly held that NSA fixed the S-boxes in IBM's "Lucifer" cipher design for DES to improve its resistance to (then publicly-unknown) differential cryptanalysis.

Of course they also crippled the key length to 56 bits...



