Someone is probably routing the connection. Not much to do. But you know that a rogue AP is not necessarily malicious, correct?
In this regard, Cisco WLC is more efficient than Maraki.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.
Please, if this post was useful, leave your kudos and mark it as solved.