Bringing the thread back on topic, my experience at work shows how Kaspersky would have accidentally "hacked" this material.
For my day job I write software tools which scan networks, checking to see if any computers on the customers' network are vulnerable to any known vulnerabilities. Occasionally the antivirus/anti-malware that is mandated by corporate flags our on tools as likely malware. That makes sense, because our code looks a lot like malware code - we seek out vulnerable hosts, checking each to see if it's actually vulnerable. After that, our system reports to the customer where their vulnerabilities are, but to anti-virus / anti-malware systems our code resembles a threat. Our code also closely resembles some of the NSA code, which was basically malware. Our company has to conform to certain security standards, and those standards require all desktops and laptops to have anti-virus / anti-malware, so we aren't supposed to just disable it, even though it's troublesome when it flags our own files. Right or wrong, bureacracy requires that our systems have this protection.
The anti-malware vendors program their software so that when it detects a new strain of likely malware, it sends a copy back to the vendor so they can learn about the new malware. That's typical so they can provide better service by continually adding new detection for new malware varieties.
If, due to bureacratic fiat or any other reason, anti-malware were installed on an NSA system which had a copy of the NSA kit, I'd expect the anti-malware would detect a few of those tools as being possible malware infecting the system. (It is basically malware, after all). Standard practice would be for the anti-malware system to send samples back to Kaspersky, so they can update and improve their detection. Some low-level analyst at Kaspersky would receive several new zero days all "infecting" one computer. Since there are several and they are new, they'd alert their boss and Kaspersky would/should take a look at this customer system that contains several new zero days. Maybe look at the folder the zero days were in to see if more new threats are there. In the same folder the zero days came from, they'd find the NSA manual on how.yo use them. Suddenly Kaspersky would have the NSA kit without ever doing anything more than doing their job as expected.
The policy that would cause this to happen - without any malice by anyone, would be a rule that "all NSA desktops must have anti-malware installed", combined with choosing Kaspersky, a foreign company, as their vendor.