LumoMate
Blog/Essays/AI Tools

What is tool calling (function calling)? A beginner's guide to how AI assistants get real work done

A chatbot can write you a paragraph, but on its own it cannot check today''s weather, look up your order, or do the maths reliably. Tool calling is how it reaches outside the conversation to use real tools — and it is the quiet machinery behind almost every AI "agent." Here is what that means in everyday language, how the back-and-forth works, and where it still trips up.
Published2026-06-06
Reading9 min
TopicAI TOOLS
Views0

Short answer

Tool calling, also called function calling, is the way an AI assistant reaches outside the conversation to use a real tool — a web search, a calculator, your calendar, a company database — instead of answering from memory alone. On its own, a large language model is brilliant at producing fluent text but has no live access to the world: it cannot truly look up today's exchange rate or read your latest order. Tool calling fixes that by letting the model say, in a structured way, "I need to run the *get_weather* tool for London," waiting while that tool runs, and then writing its reply using the real result it gets back. Think of it as the difference between a knowledgeable colleague answering off the top of their head and the same colleague being allowed to pick up the phone and check. That one ability — pausing to use a real tool and continuing with the answer — is the quiet machinery behind almost every AI agent you have heard about.

Key takeaways

  • Tool calling lets a chatbot use real tools — search, a calculator, an API, your files — rather than relying only on what it absorbed during training.
  • The model does not run the tool itself. It *requests* a tool by name with the right inputs, your software runs it, and the model continues once the real result comes back.
  • "Function calling" and "tool calling" mean the same thing. The model is asking to call a specific function — `get_weather`, `search_orders`, `add_to_calendar` — that the developer made available.
  • It is the engine under AI agents: an assistant that can *act* is almost always one that can call tools in a loop until a task is done.
  • It is reliable but not foolproof. The model can ask for the wrong tool, pass it bad inputs, or misread the result — so anything risky still deserves a human check.

What tool calling actually is

Start with the limitation it removes. A plain language model is, in effect, a very well-read person sealed in a room with no phone, no internet, and no filing cabinet. It can discuss almost anything it once read, and it writes with real fluency — but it cannot see anything happening *now*. Ask it for today's stock price, your account balance, or the result of a long multiplication, and at best it produces a confident-sounding guess. Fluent guessing is exactly the failure mode that makes people distrust AI for anything factual.

Tool calling opens a small, controlled hatch in that sealed room. The developer hands the model a short menu of tools it is allowed to use, each described in plain terms: what the tool does, and what information it needs to run. When a question would be better answered by a tool than by memory, the model does not try to fake the answer. Instead it produces a structured request — essentially a note that says "please run *search_orders* with `customer_id = 4821`" — and then it waits. Your software reads that request, actually runs the tool, and passes the real result back into the conversation. Only then does the model write its reply, now grounded in something true.

The important thing to hold onto is that the model never runs anything itself. It has no hands. It can only *ask*, in a precise format, for a tool to be run — and the surrounding software decides whether and how to honour that request. That separation is not a limitation to work around; it is the safety design. The model proposes, your code disposes.

How it works, step by step

You do not need any technical background to follow the shape of it. There are four moves, and they repeat.

  • **Offer the tools.** Before the conversation, the developer gives the model a list of available tools, each with a name, a short description, and the inputs it expects — for example, a `get_weather` tool that needs a city. This list rides along inside the model's context window next to your question.
  • **The model decides and requests.** When you ask something a tool can answer, the model replies not with prose but with a structured request naming the tool and filling in its inputs. This request follows a strict format — usually a small block of JSON-shaped data — so the software can read it without guessing.
  • **Your software runs the tool.** The application receives that request, actually calls the real function or service, and gets back a concrete result: the live temperature, the matching orders, the calculated total.
  • **The model answers with the result.** That real result is handed back to the model, which now writes a normal, human reply built on it — "It is 14°C and raining in London right now" — instead of a guess.

That is the whole loop: ask, run, return, answer. For a hard task the loop simply runs more than once — the model might call a search tool, read the result, then call a calculator, then answer. Everything impressive an AGI-flavoured "agent" appears to do is some version of this small loop repeating.

An everyday analogy

Imagine a sharp new assistant on their first day. They are articulate and well-read, but they have not memorised your customer list, they cannot see your live inventory, and you would not want them doing payroll arithmetic in their head. So you give them a few clearly labelled tools: a search box for orders, a calculator, and access to the shared calendar. You also set one rule — *do not invent an answer you could look up.*

Now when a customer asks "when does my order arrive?", the assistant does not guess. They turn to the order-search tool, type in the customer's number, read the real answer off the screen, and only then reply. Tool calling is exactly that arrangement. The model is the quick, articulate assistant; the tools are the labelled instruments on the desk; the structured request is the assistant turning to the right tool before speaking. The assistant is no smarter than before — but their answers are suddenly anchored to what the tools actually return.

A concrete example you can picture

Suppose you ask a travel assistant, "What's the weather in Lisbon this weekend, and is that warmer than here in Berlin?"

A plain chatbot has no live weather feed. It might answer "Lisbon is usually mild in spring" — plausible, generic, and possibly wrong for this particular weekend. A tool-calling assistant does something different. It recognises this needs real data, so it emits a request to run a `get_weather` tool for Lisbon, waits for the real forecast to come back, then emits a second request for Berlin. With both real results in hand, it does the comparison and replies: "Lisbon will be around 22°C and sunny this weekend; Berlin around 15°C — so yes, noticeably warmer in Lisbon." Same question, but one answer is a guess and the other is built from two live lookups it actually performed. And because each step is a discrete, logged request, a developer can see exactly which tools were called and with what inputs.

Why tool calling matters

The headline benefit is that it lets a fluent-but-blind model touch reality. Anything that depends on live, private, or precise information — a current price, your specific account, an exact calculation — moves from "confident guess" to "checked fact," because the answer is built from a tool's real output rather than the model's fuzzy memory.

The second benefit is that it is *the* mechanism behind AI agents. When people describe an assistant that can book a table, file an expense, or update a record, they are describing tool calling running in a loop. An agent that takes actions in the world — the kind covered in AI agents that act for you — is, underneath, a model deciding which tool to call next until the job is finished. Understanding tool calling is understanding how agents work at all.

The third benefit is *transparency you can audit*. Because every tool call is an explicit, structured request, the surrounding software can log what was asked, check it against rules, require approval for anything sensitive, and refuse calls that step out of bounds. The model's desire to act and the act itself are two separate events — which is precisely where you get to put a safety check.

Tools, functions, and "MCP" — the words you'll hear

A few terms get used interchangeably, and it helps to untangle them once.

  • **Tool calling vs function calling.** These are the same idea under two names. "Function calling" is the older, developer-flavoured term, because each tool is literally a function in code; "tool calling" is the friendlier word that has become common as agents went mainstream. If a product mentions either, picture the same ask-run-return-answer loop.
  • **The tool definition.** Each tool is described to the model with a name, a plain-language purpose, and a schema for its inputs — a small spec saying "this tool needs a city as text." That description is how the model knows when and how to use it. Vague descriptions lead to wrong calls; clear ones are half the battle.
  • **MCP.** You will increasingly see MCP (the Model Context Protocol), a shared standard for connecting AI assistants to tools and data sources. Think of it as a universal adapter: instead of every app inventing its own way to expose tools, MCP gives them a common plug, so the same calendar or database tool can work across many assistants.

None of this changes the core picture. Whatever the label, the model is still only requesting a named tool with some inputs, and your software is still the one that actually runs it.

Where tool calling still goes wrong

Tool calling is a sturdy idea, but a beginner should know its failure modes so the results do not surprise you.

  • **Wrong tool, or wrong inputs.** The model can misread a request and call the wrong tool, or call the right one with bad inputs — searching for the wrong order number, or passing a date in the wrong format. The tool runs faithfully on whatever it was given, so a confident-looking answer can still rest on a bad call.
  • **Misreading the result.** Even with the correct result returned, the model can occasionally summarise or round it wrongly when it writes the final reply. Getting real data back lowers the odds of a made-up answer; it does not guarantee a flawless one.
  • **Acting too eagerly.** In an agent loop, a model can chain several tool calls quickly — and if one of those tools *changes* something (sends a message, places an order), a small misjudgement becomes a real action, not just a wrong sentence. This is why anything that costs money or is hard to undo should require a human's approval.
  • **Only as good as the tools offered.** The model can only do what its tool menu allows. If a needed tool is missing, a weak setup may quietly fall back to guessing instead of saying "I don't have a tool for that."

The practical takeaway: clear tool descriptions, careful handling of anything that *acts* rather than just *reads*, and a human check on costly steps matter more than chasing a cleverer model.

How tool calling connects to other AI ideas

Tool calling ties together several concepts beginners often meet separately. The list of available tools and each returned result have to fit alongside your question inside the model's context window, and like all text they are measured in tokens — so a model juggling many tools is also spending more of its limited room. The model's decision about *which* tool to use, and how to phrase the request, is shaped by the underlying prompt and by the reasoning ability discussed in AI reasoning models. And tool calling sits right next to retrieval-augmented generation: RAG quietly fetches documents for the model, while tool calling lets the model *decide for itself* to fetch or act. They are cousins — both about feeding the model something real before it answers.

Common mistakes to avoid

  • Assuming the model runs the tools itself. It does not — it only requests them, and your software runs them. That gap is where every safety check lives.
  • Treating "function calling" and "tool calling" as two different features. They are one idea with two names; do not let the vocabulary confuse you.
  • Trusting a tool-grounded answer blindly. Tool calling makes answers far more reliable, but the model can still pick the wrong tool or misread a result, so verify anything that matters.
  • Giving an agent tools that *act* without an approval step. Read-only tools are low-risk; tools that send, buy, or delete deserve a human in the loop until you trust them.
  • Confusing tool calling with RAG. RAG fetches documents behind the scenes; tool calling lets the model choose to call tools and take actions. They overlap, and are often used together, but they are not the same thing.

FAQ

**Is tool calling the same as function calling?** Yes. They are two names for one idea: the model produces a structured request to run a specific tool (a function) that the developer made available, then continues once the real result comes back. "Function calling" is the older developer term; "tool calling" became common as AI agents went mainstream.

**Does the AI run the tools by itself?** No, and this matters. The model can only *request* a tool by name with some inputs. Your application reads that request and decides whether to actually run it. That separation is what lets developers log calls, require approval for sensitive ones, and block anything out of bounds.

**Does tool calling stop the AI from making things up?** It helps a lot for anything a tool can check — live data, your records, exact maths — because the answer is built from a real result instead of memory. It is not a complete cure: the model can still call the wrong tool, pass bad inputs, or misread the result, which is why important steps deserve a glance.

**What kinds of tools can an AI call?** Almost anything that can be wrapped as a function: web search, a calculator, a weather or maps service, a company database, your calendar or email, or another app's API. The developer chooses which tools to offer and describes each one so the model knows when to use it.

**How is tool calling related to AI agents?** Closely. An AI agent that takes actions is essentially a model calling tools in a loop — pick a tool, read the result, pick the next — until a task is done. If you understand tool calling, you understand the core mechanism that makes agents possible.

Sources

  • Anthropic: Tool use (function calling) with Claude: Anthropic's developer guide to how a model requests a tool, waits for the result, and continues. A clear first-party walkthrough of the ask-run-return-answer loop described here.
  • OpenAI: Function calling guide: OpenAI's explanation of how a model emits a structured call to a developer-defined function. A second independent description of the same mechanism, with the "function calling" naming.
  • Model Context Protocol: Introduction: The official overview of MCP, the open standard for connecting AI assistants to tools and data sources — the "universal adapter" referenced above.
  • Google: Function calling with the Gemini API: Google's beginner-oriented guide to letting a model call functions to fetch live data or take actions. Useful for seeing the same pattern across a third provider.
Keep reading

Read after this one.

All essays →
AI Tools · 9 min
What is MCP (Model Context Protocol)? A beginner's guide to the "USB-C for AI"
AI assistants are most useful when they can reach your real files, tools, and data — but wiring each one up by hand is slow and brittle. MCP is a shared standard that lets any AI app plug into any tool through one common connector, the way USB-C lets one cable charge almost anything. Here is what that means in plain language, why it caught on so fast, and where it still trips people up.
AI Tools · 9 min
What is fine-tuning? A beginner's guide to teaching an AI your way
When a general AI model needs to sound like your brand, follow your format every time, or handle a task it keeps fumbling, fine-tuning is one way to teach it. It takes a model that already knows a lot and trains it a little more on examples of exactly what you want. Here is what that means in plain language, how it differs from prompting and RAG, and when it is — and is not — worth the trouble.
AI Tools · 9 min
What are AI embeddings? A beginner's guide to how AI understands meaning
When an AI finds the right document, recommends a similar product, or answers from your company files, an embedding is usually doing the quiet work underneath. It turns words, images, and whole sentences into lists of numbers so a computer can measure how close two meanings are. Here is what that means in plain language, why "search by meaning" suddenly works, and where it still trips up.
Monday 08:00 — every week

One letter a week,
lasting understanding.

Only essays that don't get scrolled past. No ads, no tracking pixels, no external linkbait — the letter ends inside your inbox.

One-click unsubscribe. No spam.