From Prompt & Pray to “Tools & Pray” [Chapter 5 - AI Deep Dives]
George
Chief of AI at Moveo
19 de setembro de 2025
in
✨ AI Deep Dives
Welcome to another installment of our "AI Deep Dives" series, where we demystify the challenges and best practices for implementing AI systems in enterprise environments.
In our last chapter, we explored how payments & accounts receivable (AR), an area that demands both sensitivity and rigor, illustrate the dangers of the "Prompt & Pray" approach. We learned that simply relying on a Large Language Model (LLM) to manage the entire process, including negotiation and compliance, is a risky gamble.
That's because the LLM's fluency can't replace the need for clear business rules, proper validation, and robust governance. Instead, we argued that a Multi-Agent System architecture, where each step is controlled by a specialized agent, offers the essential security and auditability needed for critical operations.
Now, let's dive into the next evolutionary step that many teams take once they hit the limits of "Prompt & Pray": the transition to"Tools & Pray."
When development teams face the fragility of a standalone LLM, their next logical step is to integrate "tools" via function calling. The goal is to let the model interact with external APIs, such as fetching an account balance, sending a one-time password (OTP), or even creating a payment plan.
At first glance, this seems like the ideal solution. A developer exposes a set of APIs to the model and instructs it, through the prompt, on when and how to use them. It feels like gaining control. The model can now "act" in the real world.
However, the underlying pattern remains the same: "Tools & Pray." You're still relying on a black box to make consistent decisions. You are hoping the model will:
Select the right tool.
In the correct order.
With the exact arguments.
While respecting business and security policies.
In other words, while function calling may seem like an evolution, it doesn't solve the fundamental problem of control. In high-stakes enterprise environments, relying on an LLM to orchestrate complex processes, even with access to tools, introduces risk rather than removing it.
As also mentioned in prior chapters, the real solution lies in an architecture that separates what the model does well (fluid conversation and text interpretation) from what requires precision, security, and auditability (business rules).
→ Read Chapter 4 of "AI Deep Dives": AI for Payments: Why "Prompt & Pray" fails and what scales safely
The risk of relying on the LLM alone
In high-stakes industries like financial services and debt collection, this approach is particularly dangerous. What looks like a simple "set of APIs" is actually a complex, multi-faceted business process that requires:
Eligibility validations.
Mandatory legal disclosures.
Consent validation.
Additional authentication steps.
And audit notes.
Trying to pack all these requirements into tool descriptions and a "mega-prompt" doesn't guarantee they'll run in the correct sequence, with proper recovery in case of failure, or with the tone required by regulators.
The model might retrieve the correct balance and draft a polite message, but it could also skip the consent request, mishandle authentication, or fabricate a payment plan parameter, all before anyone even notices.
What Function Calling can and cannot do
Let's be clear, function calling has its place. It's great for:
✅ Fresh data access: It allows the model to fetch up-to-date information.
✅ Structured retrieval: It helps the model get specific, organized data.
✅ Data grounding: It provides factual context for the LLM's response.
However, on its own, it doesn't solve:
❌ Process control: The order and logic of actions are not guaranteed.
❌ Argument validation: It doesn't ensure the data passed to the tools is valid or follows business rules.
❌ Consent and authorization: It doesn't guarantee that permission steps were followed.
❌ Tone and compliance guarantees: The final response and the system's behavior may not meet compliance guidelines.
❌ Auditability and explainability: It makes tracking every step of the process a nightmare.
Example: Imagine a customer requests to cancel a wire transfer. The LLM chooses the correct tool, but forgets to verify identity with OTP before executing the call. Or it fabricates a transaction ID that looks valid but does not exist. Both cases result in failed controls, potential fraud exposure, and painful reconciliation for finance teams. Without an external planner, validators, and a deterministic control plane, the "Tools & Pray" approach is simply not robust enough for enterprise reality.
The solution lies in orchestration and deterministic control
If "Prompt & Pray" is a gamble and "Tools & Pray" still lacks control, what's the path forward?
The answer is orchestration: a system that combines the fluency and reasoning of LLMs with the precision, security, and auditability of deterministic flows.
Here’s what that looks like in practice:
LLMs still do what they’re best at: interpreting natural language and guiding the conversation.
Function calling is leveraged for utility: fetching balances, checking transactions, or retrieving fresh policy data.
Deterministic flows wrap around those calls, ensuring they happen in the right order (e.g., consent → OTP → cancel wire transfer) and that arguments are business-valid, not hallucinated.
Specialized agents (planning, compliance, insights) decide when a tool should be used, validate the output, and log every action for audit and explainability.
Function calling still plays a role, but as a component inside the flow, not as the control plane itself. This way, you get the best of both worlds: the natural flexibility of LLMs paired with the safeguards of structured automation.
The result is an enterprise-grade system that scales safely, adapts intelligently, and passes audit.
Curious to see this in action? In the next chapter, we will explore “How Function Calling Works (and Where It Breaks)” with real-world examples of how deterministic orchestration solves the limitations of "Tools & Pray."