Tool use - when a model calls tools

What it is

Tool use means the model does not just receive a prompt and return text. It receives a list of tools, their schemas and rules for use. Then it decides when to call search, a shell, a database, e-mail, calendar, an internal API or an application function.

This is where an LLM stops being a clever text layer and becomes part of a system. That is also where permissions, boundaries and cleanup start to matter.

How it works

A typical loop is simple:

1. The user gives a goal.
2. The model chooses a tool and prepares structured arguments.
3. The application executes the tool outside the model.
4. The result returns into context.
5. The model continues, revises the plan or answers.

Newer models can interleave tools with reasoning. They inspect something, adjust the plan, then touch another source. Powerful, yes. Also exactly where a bad tool, excessive permissions or prompt injection sets the carpet on fire.

When it makes sense

Tool use is useful when the model needs fresh data, exact computation, access to internal systems or an action outside chat. Common cases: RAG, coding agents, CRM updates, calendar planning, report generation, server administration.

It should not be sprinkled everywhere. If the model can answer from context, a tool is just another failure point.

Common mistakes

• Tools without schemas. The model guesses arguments and the app acts surprised.
• Overbroad permissions. An agent does not need production database access just because it knows SQL.
• No approvals. Deletes, payments, e-mails and deploys should not be a silent side quest.
• No audit log. When the agent breaks something, you need to know what it called, when and why.
• Tool use as theater. Calling tools only to make a product look agentic is expensive decoration.

What to remember

Tool use is the boundary between answer and action. Once a model calls tools, text quality is not enough. You are dealing with permissions, safety, audit trails, error recovery and the cost of every click.