zlacker

1. tptace+(OP) 2014-12-29 17:00:24
Can you think through a scenario in which CTR could be broken? CTR, in particular. What's a hypothetical here?
replies(1): >>nullc+Rj2
2. nullc+Rj2 2014-12-31 14:43:44
>>tptace+(OP)
Sure.

Improve the existing key-recovery attacks (http://research.microsoft.com/en-us/projects/cryptanalysis/a...) on AES from 2^126 to 2^80 (through unknown methods, potentially exploiting the trivial relation of CTR plaintexts), which is a scale at which a state-level party could perform computation, especially on specialized hardware. Observe a CTR block on known plaintext and recover the key.

Practical key recovery attacks have existed against many block ciphers. AES is pedantically weaker than it should be (since an attack exists at 2^126).

Do I think this is likely? I don't have enough information to answer, and in the absence of information I'd default to "probably not". It wouldn't be inconceivable, however.
