Module 4 · Putting LLMs to Work — Prompting, RAG & Agents
Tools, Function-Calling & AI Agents
65 min
Learning objectives
- Define an AI agent and distinguish it from a single LLM call
- Explain how function-calling lets a model take real actions
- Judge when an agent is warranted and what risks it introduces
From answering to acting
A plain LLM call takes text in and returns text out. But many useful tasks require taking actions in the world — looking up a live price, querying a database, sending an email. Function-calling lets the model request those actions in a structured way, and an agent strings such actions together to pursue a goal.
Function-calling (tool use) — A capability where the model emits a structured request to call a defined tool; the application runs it and feeds the result back to the model.
Crucially, the model does not run the tool itself. It outputs a structured request — for example, the name of a function and its arguments — and your application decides whether and how to execute it, then returns the result so the model can continue.
Example — A tool-call request
The model returns a structured intent; the application validates and runs it, then passes the result back.
User: "What's the weather in Pune right now?"
Model emits:
{ "tool": "get_weather", "args": { "city": "Pune" } }
App runs get_weather("Pune") -> 31C, clear
App returns that to the model, which replies in natural language.
What makes it an agent
An agent uses the LLM as a decision-maker in a loop: observe the situation, decide on a next action (often a tool call), take it, observe the result, and repeat until the goal is met. The defining trait is that the sequence of steps is not hard-coded — the model decides them.
Agent — A system that uses an LLM to plan and take a sequence of actions, often via tools, to accomplish a goal rather than returning a single response.
Analogy
A single LLM call is like asking a colleague one question and getting one answer. An agent is like handing that colleague a goal, a phone, and a corporate card and saying 'handle it' — far more capable, and far more able to make an expensive mistake.
When to use an agent — and when not to
| An agent fits when | Prefer a simpler approach when |
|---|---|
| The task needs multiple steps decided dynamically | A single prompt or a fixed script already solves it |
| The path depends on intermediate results | Steps are known in advance and never vary |
| Tools must be combined in unpredictable orders | Reliability and auditability outweigh flexibility |
Agents add power and unpredictability together. Start with the simplest thing that works; add agentic autonomy only when the task genuinely requires dynamic, multi-step decisions.
Risks to manage
- Compounding errors — a wrong step early can derail the whole loop.
- Unintended actions — tools that write data, spend money, or send messages can cause real harm.
- Runaway loops and cost — agents can repeat steps or consume many model calls.
- Expanded attack surface — tools and retrieved content open the door to prompt injection (covered next lesson).
Watch out
Give agents the least privilege they need. High-impact actions (payments, deletions, external messages) should require approval, validation, or a human checkpoint — never blanket autonomy.
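The tool-call flow from the example above and the least-privilege controls from this section, as an added example that is not part of the lesson: the application validates every model-emitted request against an allow-list and schema, gates high-impact tools behind an approval callback, and caps the number of loop steps. The tool names, the scripted model outputs and the `approve` callback are constructed stand-ins for a real LLM API and a real human checkpoint.

```python
import json

# Added example for this lesson, not from the course: a tool-dispatch loop that
# validates each model-emitted request, gates high-impact tools behind approval,
# and caps the number of steps. The model is a scripted stand-in (constructed).

TOOLS = {  # allow-list: name -> callable, argument schema, impact flag (hypothetical tools)
    "get_weather": {"fn": lambda city: f"{city}: 31C, clear",
                    "args": {"city": str}, "high_impact": False},
    "send_email": {"fn": lambda to, body: f"sent to {to}",
                   "args": {"to": str, "body": str}, "high_impact": True},
}

def validate_request(raw):
    """Parse one model output and check it against the tool allow-list and schema."""
    req = json.loads(raw)                      # malformed JSON raises ValueError
    if "final" in req:                         # model signals the goal is met
        return "final", req["final"]
    tool = TOOLS.get(req.get("tool"))
    if tool is None:
        raise ValueError(f"unknown tool: {req.get('tool')!r}")
    args = req.get("args", {})
    if set(args) != set(tool["args"]):
        raise ValueError("argument names do not match tool schema")
    for name, typ in tool["args"].items():
        if not isinstance(args[name], typ):
            raise ValueError(f"argument {name} must be {typ.__name__}")
    return req["tool"], args

def run_agent(model_outputs, approve, max_steps=5):
    """Observe -> decide -> act loop; returns an audit trace of every decision."""
    trace = []
    for step, raw in enumerate(model_outputs, start=1):
        if step > max_steps:                   # runaway-loop / cost guard
            trace.append("stopped: step budget exhausted")
            break
        try:
            name, args = validate_request(raw)
        except ValueError as e:
            trace.append(f"rejected: {e}")     # in a real loop this is fed back to the model
            continue
        if name == "final":
            trace.append(f"final: {args}")
            break
        if TOOLS[name]["high_impact"] and not approve(name, args):
            trace.append(f"blocked: {name} needs human approval")
            continue
        trace.append(f"ran {name}: {TOOLS[name]['fn'](**args)}")
    return trace
```

The trace is the audit record: every rejected, blocked and executed step is logged, which is what makes the loop reviewable after the fact.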
Knowledge check
Quick practice — not part of your exam score.
What most clearly distinguishes an AI agent from a single LLM call?
In function-calling, who actually executes the requested tool?
Which is a sound principle for limiting agent risk?