What is Tool Use?

Tool use refers to an AI agent's ability to interact with external systems — calling APIs, executing code, querying databases, writing files, or performing any operation — extending its capabilities beyond text generation through protocols like MCP.

WHY IT MATTERS

A language model without tools is sophisticated autocomplete. With tools, it becomes an agent that can act on the world. Tool use is what transforms 'I recommend creating a file called config.yaml' into actually creating it.

Modern tool use follows a standard pattern via MCP: the developer defines available tools with schemas on an MCP server, the agent discovers and invokes them through the MCP protocol, the server executes the tool, and the result is returned for further reasoning.

The tools available to an agent define its capability boundary. A coding agent with access to read, write, and execute tools can refactor entire codebases. The critical question is: which tools should the agent have access to, with what argument constraints, and at what rate?

HOW POLICYLAYER USES THIS

PolicyLayer governs all MCP tool use through YAML-defined policies. When an agent invokes any MCP tool, PolicyLayer evaluates the call — checking the tool name against allow/deny lists, validating arguments against constraints, and enforcing rate limits — before forwarding it to the server. This ensures tool use stays within authorised boundaries. No code changes to the agent or server.

FREQUENTLY ASKED QUESTIONS

What types of tools can AI agents use via MCP?

Virtually anything exposed as an MCP server: file systems, databases, code interpreters, web browsers, API integrations, shell execution, version control, and more. MCP standardises how tools are described and invoked.

How do you secure agent tool use?

Use PolicyLayer to enforce YAML policies on every tool call. Define an explicit allowlist of permitted tools (fail-closed), constrain arguments to safe values, set rate limits, and monitor via audit logs.

What is MCP's role in tool use?

MCP (Model Context Protocol) standardises how tools are described and invoked, creating a universal interface between agents and tool providers. PolicyLayer leverages this standardisation to enforce policies at the protocol level.
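As an added illustration of the pre-call check described in "How PolicyLayer uses this" and in the FAQ answer above (example code written for this page, not PolicyLayer's own implementation; the policy schema, the PolicyGate class and the path_inside helper are constructed assumptions), a minimal gate that evaluates a tool call against an explicit allowlist, per-argument constraints and a sliding-window rate limit, failing closed on anything it does not recognise:

```python
import posixpath
import re
import time
from collections import defaultdict, deque

# Constructed policy: explicit allowlist with per-tool argument constraints
# and rate limits. Illustrative schema only, not PolicyLayer's YAML format.
POLICY = {
    "read_file": {
        "args": {"path": r"^/workspace/[A-Za-z0-9_./-]+$"},
        "rate_limit": {"max_calls": 3, "per_seconds": 60},
    },
    "git_status": {"args": {}, "rate_limit": {"max_calls": 10, "per_seconds": 60}},
}


def path_inside(value, root):
    """Hypothetical helper: a character-class regex still admits '..' segments,
    so path-like arguments are normalised and checked against the root too."""
    norm = posixpath.normpath(value)
    return norm == root or norm.startswith(root.rstrip("/") + "/")


class PolicyGate:
    """Evaluates each tool call before it would be forwarded to the MCP server."""

    def __init__(self, policy, clock=time.monotonic):
        self.policy = policy
        self.clock = clock                     # injectable for deterministic tests
        self.calls = defaultdict(deque)        # tool name -> timestamps of allowed calls

    def evaluate(self, tool, args):
        rule = self.policy.get(tool)
        if rule is None:                       # fail closed: unknown tool is denied
            return False, f"tool {tool!r} not in allowlist"
        for name, pattern in rule["args"].items():
            value = args.get(name)
            if not isinstance(value, str) or not re.fullmatch(pattern, value):
                return False, f"argument {name!r} violates constraint"
            if name == "path" and not path_inside(value, "/workspace"):
                return False, f"argument {name!r} escapes /workspace"
        extra = set(args) - set(rule["args"])
        if extra:                              # undeclared arguments are denied as well
            return False, f"unexpected arguments {sorted(extra)}"
        limit, now = rule["rate_limit"], self.clock()
        window = self.calls[tool]
        while window and now - window[0] >= limit["per_seconds"]:
            window.popleft()                   # drop calls outside the window
        if len(window) >= limit["max_calls"]:
            return False, f"rate limit {limit['max_calls']}/{limit['per_seconds']}s exceeded"
        window.append(now)                     # only allowed calls count against the limit
        return True, "allowed"
```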
