The Business of AI, Decoded

Function Calling & Tool Use Explained: How AI Chatbots Actually “Do” Things

132. Function Calling & Tool Use Explained: How AI Chatbots Actually “Do” Things

⚙️ AI chatbots don’t just talk — they act. This guide explains function calling and tool use in plain English: how AI connects to real systems, what changed with MCP in 2026, and why this mechanism powers every AI agent you will ever deploy.

Last Updated: May 26, 2026

When you ask an AI assistant to check your calendar, book a flight, send an email, or pull a live stock price, it is not doing any of that with language alone. There is a specific technical mechanism happening underneath — one that connects the language model to the real world outside its training data. That mechanism is called function calling, or in some platforms, tool use. It is the reason AI went from being a sophisticated text generator to something that can actually take actions in your software, databases, and workflows.

Function calling was introduced to the public by OpenAI in June 2023 and has since become one of the most consequential building blocks in AI development. By 2026, the concept has expanded significantly. Google, Anthropic, and OpenAI all support function calling or tool use in their APIs — but with different formats, reliability characteristics, and naming conventions that matter if you are building or evaluating AI systems. More importantly, the arrival of the Model Context Protocol (MCP) in late 2024 has begun standardising what was previously a fragmented, provider-specific landscape. Over 13,000 MCP servers are already on GitHub, and MCP has been adopted by OpenAI, Google, Microsoft, and AWS — a rare cross-industry alignment that signals a step-change in how AI connects to external tools.

This guide explains function calling and tool use from the ground up — no coding required to follow along. You will learn what the mechanism is, how the four-step process works, how the major providers compare, what MCP changes for organisations building AI workflows, and what the security risks are that every business leader needs to understand before deploying tool-enabled AI. Whether you are a developer, a business professional evaluating AI vendors, or someone trying to understand why AI agents can suddenly do so much more than chat, this article gives you the full picture.

📖 New to AI terminology? Visit the AI Buzz AI Glossary — 65+ essential AI terms explained in plain English, each linking to a full in-depth guide.

Table of Contents

1. ⚙️ What Is Function Calling — and Why Does It Matter?

A large language model, on its own, works entirely within the boundaries of text. It reads your prompt and generates a response — but everything it “knows” comes from its training data, which has a cutoff date and no connection to live systems. If you ask it what the weather is right now, it cannot check. If you ask it to update a record in your CRM, it has no way to reach your CRM. If you need it to calculate a precise financial figure using live exchange rates, it can only approximate. These limitations are not flaws in how models reason — they are structural. Language models are text engines. They are not, by default, connected to anything.

Function calling changes this. It is a mechanism that allows you to describe a set of external functions — tools, APIs, database queries, calculators, search engines, or any code you define — to the model, and let the model decide when and how to invoke them. The model does not execute the function itself. Instead, it generates a structured request: here is the function I want to call, and here are the specific arguments I want to pass to it. Your application receives that request, executes the actual function, and sends the result back to the model. The model then uses that result to generate its final response. The language model handles reasoning and decision-making. Your code handles execution. Together, they close the gap between conversation and action.

Plain-English definition: Function calling is the mechanism that lets an AI model request information or trigger actions in external systems — like checking a database, calling an API, or running a calculation — without executing any code itself. The model decides what to call and what arguments to pass. Your application does the actual work and sends the result back.

This matters enormously for 2026 because the shift from AI as a chatbot to AI as an agent — a system that can autonomously complete multi-step tasks across multiple tools — is built almost entirely on function calling. According to IBM, AI agents rely on tool use to perceive their environment, make decisions, and take actions. Every agent framework you encounter — LangChain, CrewAI, AutoGen, OpenAI Assistants — is built on top of function calling as the foundational primitive. Understanding it is understanding the engine underneath the hood of every AI workflow that does something beyond generating text.

Function Calling vs. Tool Use: Is There a Difference?

Technically, these terms refer to the same mechanism. OpenAI originally called it “function calling” when they introduced it in 2023. Anthropic called the equivalent feature “tool use” from the beginning. Google uses both terms interchangeably depending on context. By 2026, the industry has largely converged on “tool calling” or “tool use” as the broader term, because tools can encompass much more than simple functions — they include full APIs, code interpreters, browser actions, file operations, and entire MCP servers. For the purposes of this guide, function calling and tool use mean the same thing and the terms will be used interchangeably.

Why This Is the Most Important Concept in AI Agents

Workflow automation is the top use case in 64% of AI agent deployments, particularly in customer support, HR, and sales operations. Every single one of those deployments depends on function calling to connect the AI’s reasoning to the business systems where the actual work happens — the CRMs, ticketing tools, internal APIs, and data platforms. The 2026 State of AI Agents Report found that 46% of organisations cite integration with existing systems as their primary deployment challenge — not model capability. That integration challenge is, at its core, a function calling challenge: how do you reliably connect AI reasoning to the tools and systems that power your organisation?

2. 🔄 How Function Calling Works: The Four-Step Process

The mechanics of function calling follow the same logical pattern across every provider, even though the API syntax and response formats differ. Understanding the four-step process gives you a mental model that applies whether you are using OpenAI, Anthropic Claude, Google Gemini, or any other function-calling-capable model. The process is simple once you see it clearly — and importantly, you do not need to write a line of code to understand it.

Step 1 — Define Your Tools

Before the model can call anything, you need to tell it what tools are available. You do this by providing tool definitions alongside your prompt — structured descriptions that tell the model the name of each function, what it does, what parameters it accepts, and which parameters are required. Think of this as giving the AI a menu of capabilities. A simple tool definition for a weather lookup might say: “This function is called get_weather. It retrieves current weather for a given location. It requires a ‘location’ parameter (city and country as a string).” The model reads these definitions and understands what each tool can do and when it might be useful.

Tool definitions consume tokens — they take up space in the model’s context window. Research-backed data from April 2026 shows that function calling adds an average of 346 extra tokens per call to API requests. This is worth understanding from a cost perspective: at 100,000 calls per month, that overhead translates to $8–$154 in additional API costs depending on your provider. Keeping tool descriptions concise and caching frequently used definitions are two of the most effective ways to manage this cost in production.

Step 2 — The Model Decides Whether and What to Call

Once you send the user’s message along with the tool definitions, the model reads both and makes a decision: can I answer this with my existing knowledge, or do I need to call one of the tools? If the user asks a general question the model can answer from training data, it may respond directly without calling any tool. If the question requires live data, computation, or an action in an external system, the model generates a tool call response — a structured output specifying which function to invoke and what arguments to pass.

This decision-making step is where reliability differences between providers become most visible. A model with poor function-calling reliability might call the wrong tool, hallucinate incorrect argument values, or fail to call a tool when it should. As of Q1 2026, reliability benchmarks show meaningful differences: Anthropic’s Claude scores 8.4 out of 10 on tool-calling reliability metrics, Google Gemini scores 7.9, and OpenAI scores 6.3 on the same benchmark. For agentic systems where tool calls chain across multiple steps, these reliability differences compound — a single wrong tool selection early in a workflow can cascade into significant downstream errors.

Step 3 — Your Application Executes the Function

When the model returns a tool call, your application intercepts it. This is the moment where the actual work happens — outside the model entirely. Your code reads the function name and arguments from the model’s structured response, executes the function against the real system (an API, a database, a calculator, a search engine), and captures the result. The model is not involved in this step at all. It has done its job by deciding what to call and with what parameters. The execution is entirely under your control, which is an important point for security and governance.

Because execution happens in your code — not in the model — you retain control over what functions actually run, what data they can access, and how errors are handled. A model can request any function you have defined, but your application decides whether to execute it. This is where access controls, rate limiting, and safety checks belong. The architecture places a deliberate boundary between AI reasoning and real-world action, giving organisations the ability to implement human-in-the-loop approval gates for high-stakes function calls before they execute.

Step 4 — Results Go Back to the Model

Once your application has the function result, it sends it back to the model as part of the conversation. The model receives the result — say, “Current weather in London: 14°C, partly cloudy” — and uses that information to generate the final natural-language response the user sees. From the user’s perspective, the AI simply answered their question. Behind the scenes, a four-step cycle of tool definition, model decision, application execution, and result return happened in seconds. This cycle can repeat multiple times in a single conversation if the task requires calling several tools in sequence — the foundation of what makes multi-step AI agents possible.

StepWho ActsWhat HappensPlain-English Analogy
1You (developer/platform)Define available tools alongside the promptHanding the AI a menu of available actions
2The AI modelDecides which tool to call and what arguments to passThe AI places an order from the menu
3Your applicationExecutes the function against the real systemThe kitchen prepares and delivers the dish
4Your application → AI modelReturns the result; model generates final responseThe waiter brings results back; the AI explains them

3. 🔀 How OpenAI, Anthropic, and Google Compare

All three major AI providers support function calling in their APIs, but the implementation differences matter — particularly for teams building production systems or evaluating which provider to standardise on. The format of tool definitions, the structure of model responses, the maximum number of tools supported, and the reliability of tool selection all vary meaningfully across providers. Here is what you need to know about each.

OpenAI: The Original Implementation

OpenAI function calling in one line: The pioneer of the feature with the broadest tool limit (128 tools per request), a strong developer ecosystem, and the most mature parallel function calling support — best for complex, high-volume agentic pipelines where breadth of tool access matters.

OpenAI introduced function calling in June 2023 and has iterated on the format through several API versions since. The current implementation through the Responses API supports up to 128 tools per request — the highest limit across major providers — and includes tool namespaces, which allow related tools to be grouped under a namespace object, helping the model select correctly when many tools are available. OpenAI also supports parallel function calling, allowing the model to invoke multiple tools simultaneously rather than sequentially, which significantly reduces latency in multi-tool workflows.

OpenAI has deprecated its older Assistants API in favour of MCP compatibility, with a mid-2026 sunset date. This is an important signal for any organisation that built tool integrations on the Assistants API: migration to MCP-compatible patterns is now the recommended path. Enterprise revenue now accounts for 40% of OpenAI’s total, and its Codex agent has reached three million weekly users — both indicators of how central function calling has become to OpenAI’s enterprise strategy.

Anthropic Claude: The Reliability Leader

Anthropic Claude tool use in one line: The highest tool-calling reliability score among major providers (8.4/10 as of Q1 2026) with a unique content-block architecture that cleanly separates tool calls from text — best for agentic systems where accuracy across multi-step tool chains is the top priority.

Anthropic calls the feature “tool use” rather than “function calling,” and uses a distinctly different response architecture from OpenAI. Claude outputs tool calls and text as separate content blocks within the same response — a design that allows the model to interleave reasoning text with tool calls naturally. This is particularly valuable in agentic systems where transparency into why the model chose a specific tool matters as much as the tool call itself. Anthropic’s Claude Sonnet 4.6 supports up to 64 tools per request and leads on tool-calling reliability benchmarks at 8.4/10 as of Q1 2026.

Anthropic captures 40% of enterprise LLM spend as of 2025, up from 24% the previous year — a remarkable shift that partly reflects enterprise buyers prioritising reliability and safety in production AI systems. For multi-step agentic workflows, where reliability differences compound across tool calls, Claude’s architecture advantage becomes increasingly significant as workflow complexity grows. Anthropic was also the originator of the Model Context Protocol (MCP), introduced in November 2024, which has since become the cross-provider standard for tool integration.

Google Gemini: The Ecosystem Integration Play

Google Gemini function calling in one line: Strong ecosystem integration across Google Cloud, Workspace, and the 200+ model Gemini Enterprise Agent Platform — best for organisations already running on Google infrastructure or building agents that interact with Workspace, BigQuery, or Google Cloud services.

Google supports function calling in Gemini with up to 64 tools per request and a reliability score of 7.9/10 as of Q1 2026. Google’s strategic advantage is not in the raw function calling implementation but in the ecosystem it wraps around it. At Google Cloud Next 2026, Google announced managed MCP servers across Google Cloud services, the Agent2Agent (A2A) protocol for cross-platform agent communication, and the Gemini Enterprise Agent Platform — a consolidation of its agent tooling into a unified platform supporting more than 200 models including third-party options such as Anthropic’s Claude.

Google also shows the strongest developer adoption figures: 69% of enterprises report using Google models as of Q1 2025, compared to 55% for OpenAI — a shift driven partly by Workspace integration and partly by competitive pricing on Gemini Flash models for high-volume function calling use cases. For organisations where AI agent workflows need to interact directly with Google Workspace (Gmail, Calendar, Drive, Docs), Google’s native integrations reduce friction significantly compared to building the same integrations through third-party MCP servers.

DimensionOpenAI (GPT-4o)Anthropic (Claude)Google (Gemini)
Feature nameFunction callingTool useFunction calling / Tool use
Reliability score (Q1 2026)6.3 / 108.4 / 10 ✅ Highest7.9 / 10
Max tools per request128 ✅ Highest6464
Parallel function calling✅ Full support✅ Supported✅ Supported
MCP support✅ Adopted (mid-2026)✅ Originator✅ Managed MCP servers
Response architectureTool calls in message deltaContent-block architectureFunction call parts
Best forHigh-volume, many-tool pipelinesReliability-critical agentsGoogle ecosystem workflows

4. 🔌 MCP: The Standardisation That Changes Everything

Before the Model Context Protocol, every AI provider had its own tool-calling system. OpenAI had GPT Actions. Anthropic had tool use. Google had function calling. Each was slightly different. Each was incompatible with the others. If you built a Slack integration for Claude, it did not work with ChatGPT. If you connected a database query function for GPT-4o, you had to rebuild the integration entirely for Gemini. This fragmentation created significant engineering overhead and made it hard to switch providers or run multi-model architectures — both of which are increasingly common in enterprise AI deployments in 2026.

MCP — the Model Context Protocol — was introduced by Anthropic in November 2024 and has since been adopted by OpenAI, Google, Microsoft, and AWS. It now operates under the Linux Foundation’s Agentic AI Foundation, established in December 2025, making it a vendor-neutral open standard. As of 2026, MCP has generated over 97 million monthly SDK downloads and hosts over 13,000 MCP servers on GitHub. The analogy that has stuck in the developer community is apt: MCP is to AI tool integration what USB was to device connectivity — one standard connector that works everywhere. Our dedicated guide to Model Context Protocol (MCP) covers the full architecture, security checklist, and implementation considerations in detail.

How MCP Changes the Tool Integration Picture

The core architectural shift MCP introduces is the separation of tool definitions from model-specific API formats. In the pre-MCP world, you defined tools in the format each provider required — different JSON schemas, different parameter conventions, different response structures. With MCP, you build an MCP server that exposes tools through a standardised JSON-RPC interface. Any MCP-compatible AI client — Claude, GPT, Gemini, or any future model — can discover and use those tools without per-provider adapter code. Build the integration once, and it works everywhere.

For organisations evaluating AI vendors in 2026, MCP adoption by a provider is now a meaningful selection criterion. It reduces migration risk significantly: if you build tool integrations on MCP rather than proprietary function-calling formats, you can switch underlying models or add new ones without rebuilding your tool layer. OpenAI’s decision to deprecate its Assistants API in favour of MCP compatibility — with a mid-2026 sunset — is the clearest signal yet that the industry is converging on MCP as the default integration standard for tool-enabled AI systems.

MCP and Security: What Organisations Must Understand

MCP’s power is also its risk surface. Because an MCP server can expose tools to any compatible AI client, a misconfigured or compromised MCP server becomes a potential entry point into your systems. MCP security risks include prompt injection via malicious tool responses, excessive permission grants to AI agents, and supply chain risks from third-party MCP servers. The Non-Human Identity (NHI) framework for AI agents addresses a specific risk that MCP amplifies: when an AI agent has credentials to call tools, those credentials constitute a non-human identity with real system access — one that needs the same identity governance controls as any human user account. Organisations deploying MCP-connected agents should apply least-privilege access principles, implement strict tool-level audit logging, and validate MCP server provenance before connecting them to production systems.

🚀 New to AI? Start with the AI Buzz Beginner’s Guide to AI — 30+ plain-English guides organised into four clear learning paths: fundamentals, tools, prompting, and business adoption.

5. 🏭 Real-World Use Cases: What Function Calling Makes Possible

The clearest way to understand function calling is to see what becomes possible when AI can reach outside its own knowledge. The use cases span every industry and every business function — and 2026 deployments are far more sophisticated than the simple weather-lookup examples that illustrated the concept in 2023. The common thread is that function calling is the mechanism that transforms a language model from a content generator into a workflow participant.

Customer Service and Support Automation

In customer service deployments, function calling allows AI agents to look up order statuses, issue refunds, update account information, create support tickets, and escalate cases — all within a single conversation. Without function calling, an AI support chatbot can only answer general questions using trained knowledge. With it, the same model becomes capable of resolving specific customer issues by querying live order management systems, CRMs, and billing databases. Workflow automation is the top use case in 64% of AI agent deployments, and customer support is consistently one of the highest-volume applications. Our guide to AI in customer service explores how leading organisations are structuring these deployments and where human escalation gates remain critical.

Finance and Data Analysis Workflows

Finance teams use function calling to connect AI to live financial data sources, calculation engines, and reporting systems. An AI assistant with function calling can pull current exchange rates, calculate precise financial projections using a defined formula, query ERP systems for budget actuals, and generate structured reports — all in a single automated workflow. This is qualitatively different from asking an AI to explain financial concepts. Function calling makes AI a genuine participant in financial workflows, not just a research tool. For finance leaders evaluating these capabilities, our guide to best AI tools for finance teams covers which platforms implement tool use most reliably for financial data environments.

Software Development and Code Execution

In development workflows, function calling connects AI coding assistants to real development environments — running tests, querying databases, executing code snippets, reading file systems, and interacting with version control systems. The AI for coding landscape has evolved rapidly: agentic frameworks like LangChain and AutoGen are built on function calling primitives, and framework adoption has nearly doubled year over year, rising from 9% of organisations in early 2025 to almost 18% by the beginning of 2026. The practical result is that AI can now participate in actual development workflows — not just suggest code in a chat window, but run, test, and iterate on it through tool-enabled loops. Our comparison of GitHub Copilot vs Cursor vs Claude Code covers how function calling and tool use differ across the leading AI coding platforms.

6. ⚠️ Security, Governance, and What Business Leaders Must Know

Function calling is powerful precisely because it gives AI models the ability to take actions in real systems. That same power creates a risk surface that every organisation deploying tool-enabled AI must actively manage. The security considerations are not theoretical — they are practical, well-documented, and increasingly the subject of enterprise AI governance frameworks and 2026 regulatory guidance.

The Core Risk: Unintended or Malicious Tool Execution

The most significant risk in function calling deployments is that a model calls a function it should not — either because the prompt was manipulated by a malicious actor (prompt injection) or because the model made an incorrect tool selection. Prompt injection attacks targeting function-calling systems attempt to override the model’s intended behaviour by embedding malicious instructions in data the model reads — a tool call result, a document, a retrieved web page. If the injected instruction causes the model to call a destructive function, delete data, send emails, or exfiltrate information, the consequences are real and immediate. Our in-depth guide to prompt injection attacks covers how this class of attack works and the defensive measures that matter most.

The OWASP Top 10 for LLM Applications identifies excessive agency — giving AI agents more permissions, capabilities, and autonomy than needed — as one of the top risks in LLM deployments. The mitigation is structural: define tools with the minimum permissions required for the task, implement explicit approval gates before executing high-consequence functions (sending emails, making payments, modifying records), and audit every tool call in your logging infrastructure. The Colorado AI Act, effective February 2026, specifically requires that high-risk AI systems deployed in consequential domains maintain meaningful human oversight — a requirement that directly applies to tool-enabled AI making decisions in employment, lending, or healthcare contexts.

Non-Human Identity and Agent Credentials

When an AI agent has the credentials to call a tool — an API key, a database connection string, an OAuth token — those credentials constitute a non-human identity with real access to your systems. Managing those identities with the same rigour applied to human user accounts is not optional in a mature AI security posture. Least-privilege access, credential rotation, audit logging, and session scoping are all directly applicable to AI agent tool credentials. The NHI security framework for AI agents provides the practical controls framework for this challenge — one of the most overlooked areas in enterprise AI deployments today.

Argument Hallucination: The Hidden Reliability Risk

Even when a model correctly identifies which tool to call, it can hallucinate incorrect argument values — generating plausible-sounding parameters that are factually wrong. A model might call a flight search function with a correct origin airport but a hallucinated destination code. It might query a database with a correctly structured SQL-like argument that references a table that does not exist. Argument hallucination is a distinct failure mode from wrong tool selection and requires its own mitigation: strict input validation on the function execution side, schema enforcement that rejects malformed arguments before they reach your systems, and output verification that confirms results are within expected ranges before they are passed back to the model.

RiskWhat It MeansMitigation
Prompt injection via tool resultsMalicious content in tool responses hijacks model behaviourSanitise tool outputs; treat returned data as untrusted
Wrong tool selectionModel calls the wrong function for a given taskUse reliable models; write clear tool descriptions; test thoroughly
Argument hallucinationModel passes incorrect parameter values to a functionValidate inputs strictly; enforce JSON schema before execution
Excessive tool permissionsAgent has broader system access than the task requiresApply least-privilege; scope tool access to minimum needed
Uncontrolled NHI credentialsAgent API keys treated as lower risk than human credentialsApply full identity governance to all agent credentials
Missing approval gatesHigh-consequence actions execute without human reviewRequire human approval for irreversible or high-impact calls

🏁 7. Conclusion

Function calling is not a feature — it is the architectural bridge between AI reasoning and real-world action. Every AI agent that takes a meaningful action in your business systems, every workflow automation that reads live data and updates records, every AI assistant that can do something rather than just say something, is built on this mechanism. Understanding it gives you a sharper lens for evaluating AI platforms, assessing the risks of agentic deployments, and designing workflows that are both powerful and appropriately controlled. The organisations that will get the most from AI in 2026 and beyond are not just those that adopt the most capable models — they are those that understand how those models connect to their systems, and who governs that connection rigorously.

The practical next step is straightforward: take one workflow in your organisation where AI currently stops at generating text, and ask what it would look like if the AI could also take an action. What function would it need to call? What system would it need to reach? What approval gate would you want before it executed? That thinking process — defining the tool, the access, and the oversight — is function calling literacy applied to your real business context. As MCP continues to standardise the tool integration layer and agentic AI moves further into production workflows, that literacy will become one of the most valuable things any business professional or technical leader can have.

📌 Key Takeaways

Takeaway
Function calling is the mechanism that allows AI models to request actions in external systems — databases, APIs, calculators — without executing any code themselves. The model decides what to call; your application executes it.
The four-step process — define tools, model decides, application executes, results returned — is the same pattern across all major providers, even though API formats differ.
Anthropic Claude leads on tool-calling reliability (8.4/10 vs Google’s 7.9 and OpenAI’s 6.3 as of Q1 2026) — a difference that compounds significantly in multi-step agentic workflows.
MCP (Model Context Protocol) has become the cross-provider standard for tool integration — adopted by OpenAI, Anthropic, Google, Microsoft, and AWS — reducing migration risk and enabling provider flexibility.
Function calling adds an average of 346 extra tokens per call — at 100,000 calls per month, this represents $8–$154 in additional API costs depending on provider, making cost management an active production concern.
Key security risks include prompt injection via tool responses, wrong tool selection, argument hallucination, excessive permissions, and unmanaged non-human identity credentials — each requiring distinct mitigations.
The Colorado AI Act (February 2026) requires meaningful human oversight for high-risk AI systems taking consequential actions — a compliance requirement that directly governs function-calling deployments in employment, lending, and healthcare.
Every AI agent framework — LangChain, CrewAI, AutoGen, OpenAI Assistants — is built on function calling as the foundational primitive. Understanding this mechanism is essential for anyone evaluating, deploying, or governing agentic AI systems.

🔗 Related Articles

❓ Frequently Asked Questions: Function Calling & Tool Use

1. What is the difference between function calling and an AI agent?

Function calling is the mechanism — the technical bridge that lets an AI model request actions in external systems. An AI agent is a system built on top of that mechanism, using repeated tool calls to complete multi-step tasks autonomously. Our autonomous AI agents guide explains how agents use function calling at the planning level to break down and execute complex workflows.

2. Do I need to be a developer to understand or use function calling?

You do not need to write code to understand function calling — and many no-code platforms now expose it through visual workflow builders. However, configuring which tools an AI agent can access, and setting appropriate permission limits, are decisions that non-technical business leaders need to be involved in. Our AI governance framework guide covers how to structure oversight of tool-enabled AI deployments across technical and business stakeholders.

3. Is function calling available in ChatGPT and Claude without an API?

The consumer versions of ChatGPT and Claude use function calling internally — it powers features like web search, code execution, and file analysis — but you cannot define custom functions through the consumer chat interface. Custom tool definitions require API access. Our Claude vs ChatGPT vs Gemini comparison covers what each platform exposes at the consumer and enterprise level for tool-enabled workflows.

4. What should organisations do before deploying AI agents that use function calling?

Apply least-privilege access to all tool definitions, implement approval gates for high-consequence actions, validate all tool arguments before execution, and treat agent API credentials as non-human identities requiring full identity governance. Our AI vendor due diligence checklist includes specific questions to ask AI platform vendors about how their tool use and function calling implementations handle security, logging, and permission scoping.

5. How does MCP change function calling for organisations already using OpenAI or Anthropic?

MCP allows you to define tool integrations once and use them across any MCP-compatible model — reducing per-provider engineering overhead and making it easier to switch models or run multi-model architectures. OpenAI deprecated its Assistants API with a mid-2026 sunset in favour of MCP. Our full MCP explained guide covers the architecture, implementation steps, and the security checklist every organisation needs before connecting MCP servers to production systems.

📧 Get the AI Buzz Weekly Digest

Weekly AI insights, tools, and strategies — delivered every Monday. Free.

Join our YouTube Channel for weekly AI Tutorials.



Share with others!


Author of AI Buzz

About the Author

Sapumal Herath

Sapumal is a specialist in Data Analytics and Business Intelligence. He focuses on helping businesses leverage AI and Power BI to drive smarter decision-making. Through AI Buzz, he shares his expertise on the future of work and emerging AI technologies. Follow him on LinkedIn for more tech insights.

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Posts…