
Summary
Detects the first time a Python process opens a sensitive credential file on a macOS endpoint. Legitimate Python processes rarely read SSH private keys, AWS credentials, browser cookie databases, Kerberos ticket caches, or macOS keychain files, so a first occurrence merits investigation: it may be post-exploitation credential theft, a malicious script, a compromised dependency, or code executed during model-file deserialization (for example, pickle or PyTorch checkpoints loaded with pickle.load or torch.load).

The rule uses Elastic Defend sensitive-file open events restricted to a list of known sensitive paths and is implemented as a new_terms rule: it alerts the first time a given combination of host, Python process, and credential file is observed, and suppresses repeat opens of the same combination for seven days. This keeps the signal focused on new credential access via Python workflows rather than on every open. Python-based developer tooling that legitimately reads credential files (for instance, boto3 scripts reading ~/.aws/credentials) will produce a one-off alert per host the first time it runs, so add exceptions for known workflows rather than lowering the rule's scope.

Investigation should identify the script or command line that triggered the open, check whether the access occurred during a model-loading or deserialization step, confirm which credential file was read, and review outbound network activity around the event for signs of exfiltration. Remediation includes rotating the affected credentials, containing the process, and auditing related hosts and scripts. The rule maps to MITRE ATT&CK T1555 (Credentials from Password Stores) and its macOS-specific sub-technique T1555.001 (Keychain), both under the Credential Access tactic. Alerts carry the process, file, and timing context needed for SOC triage.
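The following is an added example, not the rule's own query or Elastic's implementation. It simulates the rule's two stages over constructed ECS-style events: a pre-filter for file-open events by a Python process on a sensitive path, followed by new_terms-style suppression keyed on (host.name, process.name, file.path) with a seven-day window. The sensitive-path list is an assumption standing in for the rule's real list, which the page does not reproduce, and the new_terms check is an approximation (last sighting of the same key older than the window) rather than Elastic's exact history-window query.

```python
"""Simulation of the rule's new_terms logic over constructed events.

Added example, not the rule's own query. Field names follow ECS
(host.name, process.name, file.path). SENSITIVE_PATTERNS is an assumed,
illustrative list; the rule's actual path list is not reproduced here.
"""
from datetime import datetime, timedelta
import fnmatch

BASE = datetime(2026, 2, 23)               # arbitrary constructed start time
NEW_TERMS_WINDOW = timedelta(days=7)       # window named in the summary

# Assumed macOS credential locations (illustrative, not the rule's list).
SENSITIVE_PATTERNS = [
    "/Users/*/.ssh/id_*",
    "/Users/*/.aws/credentials",
    "/Users/*/Library/Keychains/*.keychain-db",
    "/Users/*/Library/Application Support/Google/Chrome/*/Cookies",
    "/tmp/krb5cc_*",
]


def is_python(process_name: str) -> bool:
    # Covers python, python3, python3.12 and the macOS framework binary "Python".
    return process_name.lower().startswith("python")


def is_sensitive(path: str) -> bool:
    return any(fnmatch.fnmatchcase(path, pat) for pat in SENSITIVE_PATTERNS)


def matches_rule_query(event: dict) -> bool:
    """Pre-filter: a file-open event by a Python process on a sensitive path."""
    return (
        event["event.category"] == "file"
        and event["event.action"] == "open"
        and is_python(event["process.name"])
        and is_sensitive(event["file.path"])
    )


def new_terms_alerts(events: list, window: timedelta = NEW_TERMS_WINDOW) -> list:
    """Approximate new_terms: alert when a (host, process, file) combination
    has not been seen within `window` before this event. Repeat opens of the
    same combination inside the window are suppressed."""
    last_seen = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):  # stable sort
        if not matches_rule_query(ev):
            continue
        key = (ev["host.name"], ev["process.name"], ev["file.path"])
        prev = last_seen.get(key)
        if prev is None or ev["@timestamp"] - prev > window:
            alerts.append(ev)
        last_seen[key] = ev["@timestamp"]
    return alerts


def event(day, host, proc, path, cmdline, action="open"):
    """Build one constructed ECS-style file event, `day` days after BASE."""
    return {
        "@timestamp": BASE + timedelta(days=day),
        "event.category": "file",
        "event.action": action,
        "host.name": host,
        "process.name": proc,
        "process.command_line": cmdline,
        "file.path": path,
    }


# Constructed sample telemetry (not real Elastic Defend data).
SAMPLE_EVENTS = [
    event(0, "mac-01", "python3", "/Users/alice/.ssh/id_ed25519",
          "python3 deploy.py"),                       # first sighting: alert
    event(1, "mac-01", "python3", "/Users/alice/.ssh/id_ed25519",
          "python3 deploy.py"),                       # repeat in window: suppressed
    event(1, "mac-01", "python3", "/Users/alice/.aws/credentials",
          "python3 -c 'import torch; torch.load(\"model.pt\")'"),  # alert
    event(1, "mac-01", "ssh", "/Users/alice/.ssh/id_ed25519",
          "ssh build@ci"),                            # not Python: ignored
    event(1, "mac-01", "python3", "/Users/alice/project/data.csv",
          "python3 train.py"),                        # not sensitive: ignored
    event(2, "mac-02", "Python", "/Users/bob/Library/Keychains/login.keychain-db",
          "/usr/bin/python3 setup.py install"),       # new host: alert
    event(9, "mac-01", "python3", "/Users/alice/.ssh/id_ed25519",
          "python3 deploy.py"),                       # >7 days since last: alert
]


def triage_lines(alerts: list) -> list:
    """One line per alert with the fields an analyst checks first."""
    return [
        f"{a['@timestamp']:%Y-%m-%d} {a['host.name']} {a['process.name']} "
        f"opened {a['file.path']} via: {a['process.command_line']}"
        for a in alerts
    ]


if __name__ == "__main__":
    for line in triage_lines(new_terms_alerts(SAMPLE_EVENTS)):
        print(line)
```

Running the block yields four alerts out of seven events: the repeat open on day 1 is suppressed, the ssh and data.csv opens never pass the pre-filter, and the day-9 open fires again because the window has expired. The triage line carries process.command_line so the analyst can see at a glance whether the access came from a deployment script or from a torch.load call, which is the first question the investigation guidance above asks.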
Categories
- Endpoint
- macOS
Data Sources
- File
- Process
ATT&CK Techniques
- T1555
- T1555.001
Created: 2026-02-23