I’ve spoken to Rapid7 support about this who have pointed something out to me that is obvious when you see it.
In case this helps anyone in the future, the Query Builder by default queries the assets only. If you enter a vulnerability query of cvss >=9 it will return all assets that have a least one such vulnerability, but a remediation project built off of that will show how to resolve ALL vulnerabilities on the system, not just the cvss >= 9 one. Instead, if you click the Switch to Expert option in Query Builder there are options to filter by asset AND vulnerability. Entering the cvss >=9 into the vulnerabilty resolves this issue.
Obvious when you see it and I felt stupid when it was pointed out to me, but all good now!