Tool calling is the agent primitive
The difference between a chatbot and an agent is tool calling. Native vs prompted tool calling changes everything — including what survives when you remove safety alignment.
A language model that can only produce text is a chatbot. A language model that can call tools — bash, file operations, APIs, databases — is an agent. That's the entire distinction.
Native vs prompted
Some models have tool calling trained into the weights. Claude, GPT-4, and GLM-4 all have native function calling — the model understands structured tool invocation as a fundamental capability, not a hack.
Other models get tool calling bolted on via system prompts. You describe the available functions in the system message, hope the model outputs valid JSON, and parse it yourself.
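What "parse it yourself" amounts to in practice, as an added example that is not from the original post: the model's reply is plain text, so the harness has to locate the JSON, parse it strictly, and check it against the declared tool schema before anything executes. The tool names, schemas and the three sample model outputs are constructed for illustration; the `DRIFTED` and `SMUGGLED` samples show the two ways prompted tool calling typically fails (format drift, and an argument the schema never declared), and both are rejected rather than "repaired".

```python
import json
import re
from typing import Any

# Hypothetical tool schemas, in the form a system prompt would describe them:
# required and optional argument names mapped to the Python type expected.
TOOLS = {
    "read_file": {"required": {"path": str}, "optional": {}},
    "run_query": {"required": {"sql": str}, "optional": {"limit": int}},
}

# The system prompt asks the model to emit its call inside a ```json fence.
TOOL_CALL_RE = re.compile(r"```json\s*(\{.*?\})\s*```", re.DOTALL)


class ToolCallError(ValueError):
    """Raised for any model output that is not an exact, schema-conformant call."""


def extract_tool_call(text: str) -> dict[str, Any]:
    """Pull one tool call out of free-form model text and validate it strictly.

    Prompted tool calling gives the harness nothing but text, so three things
    must happen before execution: find the JSON, parse it, and verify it against
    the schema. Nothing is guessed or auto-corrected; mismatches are rejected."""
    m = TOOL_CALL_RE.search(text)
    candidate = m.group(1) if m else text.strip()
    try:
        call = json.loads(candidate)
    except json.JSONDecodeError as e:
        raise ToolCallError(f"not valid JSON: {e.msg}") from e
    if not isinstance(call, dict) or set(call) != {"tool", "arguments"}:
        raise ToolCallError("expected exactly the keys 'tool' and 'arguments'")
    name = call["tool"]
    if name not in TOOLS:
        raise ToolCallError(f"unknown tool {name!r}")
    args = call["arguments"]
    if not isinstance(args, dict):
        raise ToolCallError("arguments must be a JSON object")
    spec = TOOLS[name]
    missing = set(spec["required"]) - set(args)
    if missing:
        raise ToolCallError(f"missing required arguments: {sorted(missing)}")
    allowed = {**spec["required"], **spec["optional"]}
    for key, value in args.items():
        if key not in allowed:
            raise ToolCallError(f"unexpected argument {key!r}")
        # bool is a subclass of int in Python; do not let `true` pass as an int.
        if not isinstance(value, allowed[key]) or (isinstance(value, bool) and allowed[key] is int):
            raise ToolCallError(f"argument {key!r} must be {allowed[key].__name__}")
    return {"tool": name, "arguments": args}


# Constructed sample outputs (not real model transcripts).
GOOD = 'Sure, reading it now.\n```json\n{"tool": "read_file", "arguments": {"path": "notes.txt"}}\n```'
DRIFTED = "I'll read the file now: read_file(\"notes.txt\")"  # prompt format ignored
SMUGGLED = '```json\n{"tool": "read_file", "arguments": {"path": "notes.txt", "follow_symlinks": true}}\n```'


def classify(text: str) -> str:
    """Return 'ok:<tool>' or 'rejected:<reason>' for one model output."""
    try:
        return "ok:" + extract_tool_call(text)["tool"]
    except ToolCallError as e:
        return "rejected:" + str(e)


if __name__ == "__main__":
    for sample in (GOOD, DRIFTED, SMUGGLED):
        print(classify(sample))
```

The strictness is the point: with native tool calling the API hands back a typed call object, so this whole layer is unnecessary; with prompted tool calling it is the only thing standing between model text and a real side effect.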
The difference matters more than you'd think.
What abliteration reveals
Abliteration is the process of removing safety alignment from an open-source model by identifying and suppressing the "refusal direction" in the model's activation space. It's a single vector operation — find the direction that maps to "I can't do that," remove it.
Here's what's interesting: when you abliterate a model with native tool calling, the tool calling survives intact. The model still generates structured function calls, still follows schemas, still interacts with external systems correctly.
But when you abliterate a model with prompted tool calling, the tool calling often breaks. The model stops reliably generating the expected JSON structure. The system prompt instructions become suggestions it can ignore.
This tells us something fundamental: native tool calling is a capability. Prompted tool calling is compliance.
What this means for builders
If you're building agents, this distinction shapes every decision:
- Reliability: Native tool calling follows the declared schema far more consistently than prompted tool calling does. You can trust the schema will be followed.
- Security: Understanding that tool calling can survive alignment removal tells you where your actual security boundary is (hint: it's outside the model, not in its refusal behaviour).
- Architecture: Build for native tool calling. Use MCP for standardised interfaces. Don't rely on prompt engineering to make tool calling work — use models that have it in the weights.
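Where that security boundary actually lives, as an added example that is not part of the original post: a tool executor that applies an argument policy to every call it receives, whether or not the model upstream would have refused. It assumes calls have already been parsed and schema-checked, and it uses hypothetical policy values (an allowlist of four binaries, a single workspace directory) that a deployment would load from configuration. Path confinement rejects `..` traversal, absolute paths and symlink escapes by resolving before comparing; the command policy never hands model text to a shell, so a pipe or `;` in the text is just a token that fails the allowlist.

```python
import shlex
import subprocess
from dataclasses import dataclass, field
from pathlib import Path
from typing import Any, Callable

# Hypothetical policy; a real deployment loads these from configuration.
ALLOWED_BINARIES = {"ls", "cat", "grep", "wc"}
SHELL_OPERATORS = {"|", ";", "&", "&&", "||", ">", ">>", "<"}


class PolicyViolation(PermissionError):
    """A well-formed tool call that falls outside what the executor permits."""


@dataclass
class ToolExecutor:
    """Runs tool calls that have already been parsed and schema-checked.

    The policy runs here, on every call, regardless of what the model was or
    was not willing to say. That makes this layer the real security boundary."""
    workspace: Path
    handlers: dict[str, Callable[..., Any]] = field(default_factory=dict)
    policies: dict[str, Callable[[dict], None]] = field(default_factory=dict)
    audit: list[str] = field(default_factory=list)

    def register(self, name: str, handler: Callable[..., Any], policy: Callable[[dict], None]) -> None:
        self.handlers[name] = handler
        self.policies[name] = policy

    def execute(self, name: str, arguments: dict) -> Any:
        if name not in self.handlers:
            self.audit.append(f"DENY {name}: not registered")
            raise PolicyViolation(f"tool {name!r} is not registered")
        try:
            self.policies[name](arguments)
        except PolicyViolation as e:
            self.audit.append(f"DENY {name}: {e}")
            raise
        self.audit.append(f"ALLOW {name} {arguments}")
        return self.handlers[name](**arguments)

    # Policies: pure checks on the arguments, no side effects.
    def confine_path(self, arguments: dict) -> None:
        """Reject any path that resolves outside the workspace ('..', absolute paths, symlinks)."""
        root = self.workspace.resolve()
        target = (root / arguments["path"]).resolve()
        if target != root and root not in target.parents:
            raise PolicyViolation(f"path {arguments['path']!r} escapes the workspace")

    def allowlist_command(self, arguments: dict) -> None:
        """Permit only allowlisted binaries with plain arguments; a shell is never involved."""
        try:
            argv = shlex.split(arguments["command"])
        except ValueError as e:
            raise PolicyViolation(f"unparseable command: {e}") from e
        if not argv or argv[0] not in ALLOWED_BINARIES:
            raise PolicyViolation(f"binary {argv[0] if argv else ''!r} is not allowlisted")
        if SHELL_OPERATORS & set(argv):
            raise PolicyViolation("shell operators are not permitted")

    # Handlers: the actual side effects, reached only after the policy passed.
    def read_file(self, path: str) -> str:
        return (self.workspace / path).read_text()

    def run_command(self, command: str) -> str:
        # shell=False: argv goes straight to exec, so model text is never shell-parsed.
        return subprocess.run(shlex.split(command), capture_output=True, text=True,
                              cwd=self.workspace, timeout=10, check=False).stdout


def build_executor(workspace: Path) -> ToolExecutor:
    ex = ToolExecutor(workspace)
    ex.register("read_file", ex.read_file, ex.confine_path)
    ex.register("run_command", ex.run_command, ex.allowlist_command)
    return ex


def try_call(ex: ToolExecutor, name: str, arguments: dict) -> str:
    """Return 'ok', 'denied:<reason>' or 'error:<reason>' so outcomes are easy to inspect."""
    try:
        ex.execute(name, arguments)
        return "ok"
    except PolicyViolation as e:
        return "denied:" + str(e)
    except OSError as e:
        return "error:" + str(e)


def demo() -> dict[str, str]:
    """Exercise the boundary on a throwaway workspace with constructed sample calls."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        (ws / "notes.txt").write_text("hello\n")
        ex = build_executor(ws)
        return {
            "read_inside": try_call(ex, "read_file", {"path": "notes.txt"}),
            "read_escape": try_call(ex, "read_file", {"path": "../../etc/hostname"}),
            "read_absolute": try_call(ex, "read_file", {"path": "/etc/hostname"}),
            "cmd_allowed": try_call(ex, "run_command", {"command": "wc -l notes.txt"}),
            "cmd_binary": try_call(ex, "run_command", {"command": "curl http://example.invalid"}),
            "cmd_pipe": try_call(ex, "run_command", {"command": "cat notes.txt | wc -l"}),
            "unregistered": try_call(ex, "delete_repo", {}),
        }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:14} {outcome}")
```

The audit list is deliberately part of the executor: if abliteration or a jailbreak turns refusals into compliance, the model's behaviour changes but the denial records and the enforced policy do not, which is where detection and containment belong.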
The agent ecosystem is being built right now. The teams that understand this primitive deeply will build more reliable systems than the ones treating it as an API feature.