Tool Calling (Function Calling)

Tool calling, also known as function calling, is a mechanism that allows a Large Language Model (LLM) to request the execution of an external operation. Instead of directly performing the operation, the model produces a structured call containing a tool name and arguments. Application code validates and executes the request, then returns the result to the model.

Tools can provide access to databases, search engines, calculators, business APIs, code execution environments, or physical devices. They allow a model to use current or private information and to take actions that cannot be completed through text generation alone.

A typical tool-calling loop has four stages:

  1. The application supplies tool definitions and a user request to the model.
  2. The model selects a tool and generates arguments that conform to its schema.
  3. The application authorizes, validates, and executes the call.
  4. The tool result is added to the context, after which the model may answer or request another tool.

Tool calling is related to, but distinct from, structured output. Structured output constrains the shape of a model's response. Tool calling additionally defines an executable contract between the model and an external system.

Reliable tool design requires more than a valid schema. Tool names and descriptions must make selection criteria unambiguous, parameters should reflect domain types, and results should be concise enough for effective context engineering. Overlapping tools often reduce reliability because the model must infer distinctions that the interface failed to express.

When an application exposes more tools than can be included reliably in every request, dynamic tool discovery can retrieve a small relevant subset at runtime.

Production implementations should treat model-generated arguments as untrusted input. Important controls include schema validation, authorization, timeouts, rate limits, idempotency keys, agent guardrails, audit logs, and explicit confirmation before consequential actions. Tool results can also contain malicious instructions, making indirect prompt injection attacks a significant risk.
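The following sketch is an added example, not code from the original page or from any vendor SDK. It shows one way to apply several of these controls (schema validation, authorization, confirmation, idempotency keys, and audit logging) in a dispatcher. The tool names, scopes, and the `dispatch` function are hypothetical.

```python
import hashlib
import json

# Hypothetical tool registry, constructed for this example.
TOOLS = {
    "get_order": {"params": {"order_id": str}, "scope": "orders:read",
                  "consequential": False,
                  "run": lambda a: {"order_id": a["order_id"], "status": "shipped"}},
    "refund_order": {"params": {"order_id": str, "amount_cents": int},
                     "scope": "orders:refund", "consequential": True,
                     "run": lambda a: {"refunded_cents": a["amount_cents"]}},
}
AUDIT_LOG = []   # every decision is recorded, including rejections
_RESULTS = {}    # idempotency key -> result of the first execution


def _audit(name, status, detail):
    AUDIT_LOG.append({"tool": name, "status": status, "detail": detail})
    return status, detail


def dispatch(call, user_scopes, confirmed=False):
    """Gate one model-generated tool call; returns (status, detail)."""
    name, args = call.get("name"), call.get("arguments")
    tool = TOOLS.get(name) if isinstance(name, str) else None
    if tool is None:
        return _audit(name, "rejected", "unknown tool")
    # Schema validation: exact key set and exact types (bool is not accepted as int).
    if not isinstance(args, dict) or set(args) != set(tool["params"]):
        return _audit(name, "rejected", "unexpected or missing arguments")
    for key, expected in tool["params"].items():
        if type(args[key]) is not expected:
            return _audit(name, "rejected", f"bad type for {key}")
    # Authorization uses the caller's scopes, never anything the model asserted.
    if tool["scope"] not in user_scopes:
        return _audit(name, "denied", f"missing scope {tool['scope']}")
    # Consequential actions wait for explicit confirmation from the user.
    if tool["consequential"] and not confirmed:
        return _audit(name, "needs_confirmation", args)
    # Idempotency key derived from the call; a real system would also bind a request id.
    key = hashlib.sha256(json.dumps([name, args], sort_keys=True).encode()).hexdigest()
    if key in _RESULTS:
        return _audit(name, "replayed", _RESULTS[key])
    _RESULTS[key] = tool["run"](args)
    return _audit(name, "ok", _RESULTS[key])
```

Timeouts and rate limits are left out here; they belong around the `run` call and the dispatcher entry point respectively.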

Tool calling is a foundational capability for AI agents, agentic workflows, and the Model Context Protocol (MCP). See the OpenAI function calling guide for a concrete schema-based implementation.

Promptmetheus © 2023-present