AV is a mixed bag
There have been numerous widely reported cases of serious programming flaws in basically all of the major AV packages, not to mention the many borked updates that have shut down network connections or 'quarantined' legitimate system files. All of these programs present a large attack surface, running secret and proprietary code at a highly invasive and privileged level -- code that's probably easier to exploit than the OS, and/or that creates new OS holes by jacking into system processes that were not designed to be jacked into.
Given that, it doesn't really matter to me whether Kaspersky "gave" the Russian government a back door or if the spookskis figured it out on their own. I think it's prudent to assume that the various global TLAs have similar exploits that target all of the common AV packages. The difference with Kaspersky is just that we've heard about it.