AI Foundations for Bankers

Agents, Tool Use, and Autonomous Workflows

Intermediate · 10 min read · Tags: agents, tool-use, autonomous-workflows, orchestration, guardrails

From Text Generation to Action

In the previous units, you learned how Large Language Models generate text based on prompts, retrieve information through RAG, and process documents using embeddings. In all of those scenarios, the LLM is fundamentally a reader and writer -- it takes in text and produces text. It does not do anything.

AI agents change this equation entirely. An agent is an LLM that can take actions in the real world: pull data from systems, execute calculations, trigger workflows, and make decisions across multi-step processes. Instead of just drafting a credit memo, an agent could pull the borrower's financial statements from your document management system, retrieve their credit score from a bureau, check your credit policy for applicable underwriting standards, and then draft the memo -- all in a single automated workflow.

This capability represents the frontier of enterprise AI. It also represents the area requiring the most careful governance, which is why understanding both the potential and the risks is essential for banking executives.

KEY TERM

AI Agent: An AI system built on an LLM that can autonomously plan and execute multi-step tasks by calling external tools, querying data sources, and making intermediate decisions. Unlike a simple chatbot that only generates text, an agent interacts with systems and takes actions.

How Tool Use Works

The foundation of agent capability is tool use (sometimes called function calling). When an LLM is configured with tools, it can decide -- based on the user's request -- that it needs to call an external system to fulfill the request. The process works like this:

  1. The user makes a request: "What is the current credit exposure to Acme Corporation across all our business lines?"
  2. The LLM analyzes the request: The model determines it needs to look up data rather than answer from its training knowledge
  3. Tool selection: The model selects the appropriate tool -- in this case, a credit exposure API -- and generates the correct parameters
  4. Execution: The system calls the actual API, retrieves the data, and returns it to the LLM
  5. Response generation: The model incorporates the real data into its response, producing an accurate, current answer

The LLM does not actually execute the tool call itself -- a surrounding system (the agent framework) handles the actual execution. But the model decides which tools to call, with what parameters, and how to use the results.
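The division of labor above can be sketched in a few lines of Python. Everything here is illustrative: the tool name, the exposure figures, and the shape of the model's structured request are assumptions standing in for whatever your vendor's function-calling format actually looks like.

```python
import json

# Hypothetical tool: a stand-in for a real credit exposure API.
def get_credit_exposure(borrower: str) -> dict:
    book = {"Acme Corporation": {"commercial": 12500000, "treasury": 3000000}}
    return book.get(borrower, {})

TOOLS = {"get_credit_exposure": get_credit_exposure}

def run_tool_call(tool_call: dict) -> str:
    """The agent framework, not the LLM, executes the call the model requested."""
    fn = TOOLS[tool_call["name"]]           # step 3: tool selection (decided by the model)
    result = fn(**tool_call["arguments"])   # step 4: execution (done by the framework)
    return json.dumps(result)               # result goes back to the model for step 5

# A model configured with tools emits a structured request like this,
# rather than answering from training knowledge:
model_request = {"name": "get_credit_exposure",
                 "arguments": {"borrower": "Acme Corporation"}}
print(run_tool_call(model_request))
```

The key point the sketch makes concrete: the model only ever produces the `model_request` dictionary; the surrounding system decides whether and how to run it.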

BANKING ANALOGY

Think of an AI agent like a loan officer who can pull credit reports, check policies, and draft recommendations autonomously. A traditional chatbot is like calling the loan officer and having them tell you what they think based on memory alone. An agent-equipped system is like having the loan officer with full access to every system in the bank -- credit bureaus, policy databases, financial statement repositories, collateral valuation systems -- who can pull the relevant information, apply the relevant policies, and draft a recommendation, all before coming back to you with an informed answer.

Multi-Step Reasoning and Orchestration

Real banking workflows are rarely one-step processes. An agent's power comes from chaining multiple tool calls together in a logical sequence, adapting its plan based on intermediate results. This is called multi-step reasoning.

Consider an automated regulatory inquiry response workflow:

  1. The agent receives an examiner's question about a specific transaction
  2. It searches the transaction database for the relevant records
  3. It retrieves applicable compliance policies from the knowledge base
  4. It checks whether the transaction was flagged by monitoring systems
  5. It reviews any prior examination findings related to similar transactions
  6. It drafts a response memo citing specific policies, transaction details, and monitoring results

An orchestration framework manages this multi-step process. Popular frameworks include LangChain, LangGraph, and CrewAI. These frameworks handle the loop of reasoning, tool calling, and result integration that makes agents practical for complex workflows.
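The reasoning-action-observation cycle that these frameworks manage can be sketched as a plain loop. This is not LangChain or LangGraph code; the tool names and the hard-coded plan are assumptions standing in for the LLM's step-by-step reasoning over the examiner-inquiry workflow above.

```python
# Hypothetical tools for the regulatory inquiry workflow (illustrative data).
def search_transactions(query):    return [{"id": "TX-1042", "amount": 250000}]
def get_policies(topic):           return ["AML Policy 4.2"]
def check_monitoring_flags(tx_id): return {"flagged": False}

TOOLS = {"search_transactions": search_transactions,
         "get_policies": get_policies,
         "check_monitoring_flags": check_monitoring_flags}

def plan_next_step(history):
    """Stand-in for the LLM's reasoning: pick the next tool call, or stop.
    A real agent would ask the model at each turn; here the plan is fixed."""
    steps = [("search_transactions", {"query": "examiner inquiry"}),
             ("get_policies", {"topic": "AML"}),
             ("check_monitoring_flags", {"tx_id": "TX-1042"})]
    return steps[len(history)] if len(history) < len(steps) else None

def run_agent():
    history = []  # the observation log the model reasons over
    while (step := plan_next_step(history)) is not None:
        name, args = step
        history.append((name, TOOLS[name](**args)))  # act, then observe
    return history  # a real agent would now draft the response memo

for name, result in run_agent():
    print(name, "->", result)
```

In a real deployment the `plan_next_step` call is where the framework consults the model, which is also why intermediate results can change the plan mid-workflow.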

KEY TERM

Orchestration Framework: Software that coordinates LLMs, tools, and data sources into complex, multi-step workflows. The framework manages the cycle of reasoning, action, and observation that enables agents to complete sophisticated tasks.

Why Guardrails Are Non-Negotiable in Banking

The same autonomy that makes agents powerful also makes them potentially dangerous in a regulated environment. An agent with access to customer data, transaction systems, and communication channels could -- without proper constraints -- take actions that violate regulations, expose sensitive data, or make unauthorized decisions.

Guardrails are the safety mechanisms that constrain what agents can and cannot do. In banking, guardrails are not optional -- they are fundamental to responsible deployment.

Types of Guardrails

Input guardrails: Filter and validate user requests before the agent processes them. Prevent prompt injection attacks, block requests for unauthorized data, and enforce access controls.

Output guardrails: Review agent responses before they reach users or external systems. Check for sensitive data exposure, regulatory compliance, and factual accuracy.

Action guardrails: Constrain which tools an agent can call and under what conditions. For example, an agent might be allowed to read transaction data but never to modify it, or it might be required to flag any action that exceeds a dollar threshold for human approval.

Escalation protocols: Define when an agent must hand off to a human. High-value transactions, regulatory inquiries, and customer complaints above a certain severity should always involve human judgment.
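Three of these guardrail types can be made concrete in a short sketch. The blocked phrases, the allowed-action set, and the dollar threshold are all illustrative assumptions, not regulatory guidance; production guardrails would be far more sophisticated.

```python
APPROVAL_THRESHOLD = 10000                              # escalation: human sign-off above this
ALLOWED_ACTIONS = {"read_transactions", "draft_memo"}   # action guardrail: read/draft only

def check_input(request: str) -> bool:
    """Input guardrail: crude filter for injection attempts and blocked data."""
    blocked_phrases = ("ignore previous instructions", "ssn")
    return not any(phrase in request.lower() for phrase in blocked_phrases)

def check_action(action: str, amount: float = 0.0) -> str:
    """Action guardrail plus escalation protocol."""
    if action not in ALLOWED_ACTIONS:
        return "deny"        # tool the agent is never permitted to call
    if amount > APPROVAL_THRESHOLD:
        return "escalate"    # permitted tool, but requires human approval
    return "allow"

print(check_action("read_transactions"))      # a read is always allowed
print(check_action("wire_transfer", 50000))   # denied: not in the allowed set
print(check_action("draft_memo", 25000))      # escalated: above the threshold
```

Note that the deny and escalate paths are distinct: one blocks the tool outright, the other routes a permitted action to a human, matching the action-guardrail and escalation-protocol definitions above.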

Warning

Never deploy an AI agent in a banking environment without explicit action constraints and human-in-the-loop checkpoints. An unconstrained agent with access to banking systems is a regulatory and operational risk. Every tool the agent can call should have defined permissions, and high-stakes actions should require human approval before execution.

Agent Architecture Patterns for Banking

Banking institutions typically adopt one of these agent deployment patterns:

Read-only agents: The agent can query systems and retrieve data but cannot modify anything. This is the safest starting point and covers many high-value use cases (research, analysis, Q&A).

Supervised agents: The agent can propose actions but requires human approval before execution. Useful for draft generation, recommendation systems, and workflow initiation.

Autonomous agents with constraints: The agent can execute actions within predefined boundaries (e.g., process transactions below a threshold, send pre-approved communication templates). Reserved for well-tested, low-risk workflows.
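One minimal way to encode these three patterns is as permission tiers checked before any tool runs. The mode names and the single `may_execute` gate are an illustrative sketch, not a prescribed architecture.

```python
from enum import Enum

class AgentMode(Enum):
    READ_ONLY = 1     # query and retrieve only
    SUPERVISED = 2    # may propose writes; a human executes after approval
    CONSTRAINED = 3   # may execute writes within preset boundaries

def may_execute(mode: AgentMode, is_write: bool, within_limits: bool) -> bool:
    """Decide whether the agent itself may execute a given tool call."""
    if not is_write:
        return True                   # reads are allowed in every mode
    if mode is AgentMode.READ_ONLY:
        return False                  # no writes, ever
    if mode is AgentMode.SUPERVISED:
        return False                  # writes are only proposed, never auto-executed
    return within_limits              # CONSTRAINED: writes inside the boundaries only

print(may_execute(AgentMode.READ_ONLY, is_write=True, within_limits=True))    # False
print(may_execute(AgentMode.CONSTRAINED, is_write=True, within_limits=True))  # True
```

Structuring the check this way makes the graduated rollout explicit: moving from read-only to supervised to constrained changes one enum value, not the agent's tool definitions.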

Tip

Start with read-only agents. They deliver significant value -- answering questions about policies, summarizing documents, analyzing data across systems -- without the risk of autonomous action. Once your institution builds confidence in agent behavior and governance, gradually expand to supervised and constrained autonomous patterns.

The Road Ahead

AI agents represent the future of enterprise automation in banking. The institutions that develop robust agent frameworks -- with clear tool definitions, comprehensive guardrails, and rigorous governance -- will unlock productivity gains that far exceed what standalone LLMs can deliver. But rushing to deploy autonomous agents without proper controls would be as reckless as giving a new employee full system access on their first day.

The key is measured, governed adoption: start with read-only, advance to supervised, and earn your way to autonomous -- one proven use case at a time.

Quick Recap

  • AI agents are LLMs that can take actions by calling external tools and executing multi-step workflows, not just generating text
  • Tool use enables agents to pull data from systems, execute calculations, and trigger real-world actions based on natural-language requests
  • Orchestration frameworks (LangChain, LangGraph) manage the multi-step reasoning loop that makes agents effective for complex banking workflows
  • Guardrails are non-negotiable in banking: input filters, output checks, action constraints, and escalation protocols protect against regulatory and operational risk
  • Start with read-only agents and progress to supervised and autonomous patterns as governance matures

KNOWLEDGE CHECK

What fundamentally distinguishes an AI agent from a standard LLM chatbot?

A bank is deploying an AI agent that can query customer account balances and draft communications. What is the most critical guardrail to implement?

Why do most banking institutions start agent deployment with read-only agents rather than fully autonomous agents?