The question isn't how many endpoints the NSA has, it is how much bandwidth they have at the endpoints (actually, it is more about how many unique users use their endpoints). But, assume that 1% of Tor connections goes through an NSA exit node. 1% of that 1% would go through both an NSA exit node at both ends, and is therefore comprimised.
Tor tries to mitigate this by always using the same exit nodes for your connection (reducing the chance of ever being compromised, but if you are compromised, it is for much longer). However, inevitably you occasionally do need to change your exit nodes, which gives the NSA another roll of the dice. Additionally, when talking about drag-net surveillance, 1% of 1% is still a lot.
The bigger protection is the ease with which the NSA can mount this attack on TOR. I have no doubt that they could do it, however I do question if they can do it on a massive scale.
"Tor tries to mitigate this by always using the same exit nodes for your connection"
Think you're getting your entry and exit nodes mixed up there. Tor chooses a small number of entry nodes (entry guards) and attempts to only use those.
I imagine that when you have taps at all the colocation centers (which each node would need to go through - and even a surprising number of hops overseas go through the US due to the cheaper price of bandwidth) you may not need to control the endpoints to break anonymity, with enough statistical analysis of the packets entering and exiting the known tor nodes. Tor doesn't work against attackers who can monitor the whole network, and the developers say so up front.
The bigger protection is the ease with which the NSA can mount this attack on TOR. I have no doubt that they could do it, however I do question if they can do it on a massive scale.