Glossary

Tool use

When a language model calls an external function or API as part of generating its response. It is the foundation of agentic AI: it turns the model from a text generator into a system that can act.

Tool use is when a language model calls an external function or API as part of generating its response. Instead of just producing text, the model can fetch data, run code, query a database, send an email, or trigger any other side effect, by emitting a structured tool-call request that an outside system executes.

This is the foundation of agentic AI. A model with tools is a system that can do things; a model without tools is a system that can only describe doing things.

How it works

Modern LLMs (Claude, GPT-4, Gemini) are trained to:

  1. Look at the available tools (provided in the prompt as JSON schemas)
  2. Decide whether to call one based on the user’s request
  3. Emit a structured request: tool name + arguments
  4. Wait for the result
  5. Incorporate the result into the next step

In practice, a Claude Code session has access to ~10-20 built-in tools (Read, Edit, Write, Bash, Glob, Grep, etc.) plus whatever MCP servers you’ve configured. The model picks tools as it works.

What “tool use” enables for Australian SMBs

  • File operations. Claude reads your spreadsheets, edits your code, writes new files.
  • Shell commands. Claude runs git, npm, your build scripts, custom Bash.
  • External APIs. Claude queries Xero, Shopify, your inbox, your database, via MCP.
  • Web search + fetch. Claude looks up current information.
  • Image generation. Claude (via a tool) can call image-gen APIs.

Without tools, the model is a chat window. With tools, it’s a colleague.

Safety considerations

Every tool the model can call is a way for the model to affect the world. The overall risk profile is the union of the risk profiles of every tool the model can reach.

  • Read-only tools (Read, Glob, Grep, web search): low risk, broad usefulness
  • Local file edits: medium risk; reviewable via git
  • Local shell commands: higher risk; sandbox or restrict
  • External writes (sending email, posting to Slack, writing to Shopify): high risk; human approval until trust is established
  • Destructive operations (rm, drop database, delete files): very high risk; default deny

Modern AI harnesses let you scope which tools are available per session and per permission level. Use that.
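The tiers above can be enforced as a gate that every tool call passes through before the harness executes it. The sketch below is an added example, not code from any particular harness: Read, Glob, Grep, Edit, Write and Bash are the tool names mentioned on this page, while WebSearch, send_email, slack_post, shopify_write, the `path` and `command` argument keys and the `/work/repo` workspace are assumptions made for illustration.

```python
import os
import shlex
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    SANDBOX = "sandbox"      # run only in a restricted environment
    ASK_HUMAN = "ask_human"  # hold the call until a person approves it
    DENY = "deny"

# Read, Glob, Grep, Edit, Write and Bash are tool names from the page;
# WebSearch, send_email, slack_post and shopify_write are hypothetical.
TOOL_POLICY = {
    "Read": Decision.ALLOW, "Glob": Decision.ALLOW, "Grep": Decision.ALLOW,
    "WebSearch": Decision.ALLOW,
    "Edit": Decision.ALLOW, "Write": Decision.ALLOW,
    "Bash": Decision.SANDBOX,
    "send_email": Decision.ASK_HUMAN, "slack_post": Decision.ASK_HUMAN,
    "shopify_write": Decision.ASK_HUMAN,
}
# Constructed denylist. It cannot be complete (e.g. `find -delete`), which is
# why every other shell command still goes to the sandbox, not to ALLOW.
DESTRUCTIVE = {"rm", "rmdir", "shred", "dd", "mkfs", "dropdb"}
SHELL_OPERATORS = set(";|&`$<>()\n")

def decide(tool, args, session_tools, workspace="/work/repo"):
    """Return the Decision for one tool call the model has emitted."""
    if tool not in session_tools or tool not in TOOL_POLICY:
        return Decision.DENY  # not scoped into this session, or unknown
    if tool in ("Edit", "Write"):
        # Edits are only reviewable via git when they land inside the repo.
        # Lexical check only: symlinks are not resolved here.
        path = os.path.normpath(os.path.join(workspace, args.get("path", "")))
        inside = path.startswith(workspace + os.sep)
        return Decision.ALLOW if inside else Decision.ASK_HUMAN
    if tool == "Bash":
        command = args.get("command", "")
        if SHELL_OPERATORS & set(command):
            return Decision.ASK_HUMAN  # compound command: not classifiable here
        try:
            argv = shlex.split(command)
        except ValueError:
            return Decision.DENY  # unbalanced quoting
        if not argv or os.path.basename(argv[0]) in DESTRUCTIVE:
            return Decision.DENY
    return TOOL_POLICY[tool]
```

The gate decides on the structured request the model emits, so the same check applies whether the request came from the user's instruction or from text the model read in a file or web page.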
