The NSA had the option to do something like that when they (via NIST) standardized DES.

They chose to standardize a version that's secure against attacks that only they knew at the time, shorten the key length so they can still brute-force it if they really need to, and successfully kept the attack secret until researchers at a foreign university independently discovered it decades later.

Yup, that was the older generation. The newer generation used NIST to propagate a backdoored RNG and to weaken several ECC-curves.