Sorry, forgot to include my version. I'm on macOS 10.15.4, targeting macOS 10.15.
My application has the Keychain Group "com.example.myApp" specified in its Signing & Capabilities section, and "$(AppIdentifierPrefix)com.example.myApp" in its entitlements file.
Weirdly enough, I do see the nine additional items which keep showing up in my query in Keychain Access under login > Keys. When I search for kSecAttrIsInvisible: true, I get only the nine keys I see in Keychain Access. When I search for kSecAttrIsInvisible: false, I get ... the nine keys I see in Keychain Access.
I just feel like there must be something critical I'm misunderstanding about how these queries are meant to work.
Figured it out, and yes, I was missing something obvious. You apparently have to also have the keys kSecUseDataProtectionKeychain or kSecAttrSynchronizable set to true in your query dictionary for kSecAttrAccessGroup filters to work. It's right there in the documentation, and I evidently missed it.
Still not sure what's going on with kSecAttrIsInvisible, but I don't actually need that working.