Philadelphia, known for its cheesesteaks, also holds the title of the mural capital of the world, and it served as an apt setting for the DevOpsDays Philadelphia 2025, where around 150 developers and IT professionals gathered to discuss the evolving landscape of web application security. Over two days, attendees delved into various topics including AI in DevOps, governance, secrets management, runtime security, and the importance of resilience over perfection. A key highlight was the session led by Brian M. Green, which addressed AI security and the operational risks of agentic automation, emphasizing the need to treat AI prompts as code artifacts and enforce explicit policies. Discussions by Ehfaj Khan and Ankur Bansal focused on the continuous practice of secret management, while Kennedy Toomey advocated for the use of runtime tracing to prioritize security issues based on evidence rather than assumptions. Damion Waltermeyer introduced the concept of "ablative resilience," which suggests treating systems as expendable to ensure rapid recovery and business continuity. The event underscored the shift from static security controls to dynamic control loops, emphasizing the need for policies as code, runtime observability, and a culture of guardrails to effectively manage AI and non-human identities in the fast-paced DevOps environment.